GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-09-23 13:19:41 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 FUJITSU_MHY2160BH rev.890B 149,05GB Running: 2h3rlqfh.exe; Driver: C:\Users\NADIA\AppData\Local\Temp\ugloqpod.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8EE19610] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8F6115FA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8EE1A0E6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8EE25F18] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8EE25F64] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8EE260FE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8EE25E86] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8F611992] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8EE25ECE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8EE1A5E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8EE260B8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x8EE1AE9C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8EE19676] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwDuplicateObject [0x8EE1E596] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8F6116C2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8F60FC12] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8EE196DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8EE1E98C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8EE1B92C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8EE25F42] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8EE25F86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8EE26122] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8EE25EAC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x8EE1DE78] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8EE26036] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8EE25EF6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x8EE1E26E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8EE260DC] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8F611822] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwQueryObject [0x8EE1B7F8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0x8EE1B34E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8EE19742] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8EE197A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x8EE1AD16] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8EE192F8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8EE194CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8EE1945C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x8EE1B066] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x8EE1B1C8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8EE19556] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8F6118EA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x8EE1ACF6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x8F60FC42] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8EE1980E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8F61176E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x8EE1A800] INT 0x52 ? 905BBCD0 Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8F62AE00] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 10D 836C1758 4 Bytes [10, 96, E1, 8E] .text ntkrnlpa.exe!KeSetEvent + 131 836C177C 4 Bytes [FA, 15, 61, 8F] .text ntkrnlpa.exe!KeSetEvent + 191 836C17DC 4 Bytes [E6, A0, E1, 8E] {OUT 0xa0, AL; LOOPZ 0xffffff92} .text ntkrnlpa.exe!KeSetEvent + 1D1 836C181C 8 Bytes [18, 5F, E2, 8E, 64, 5F, E2, ...] .text ntkrnlpa.exe!KeSetEvent + 1DD 836C1828 4 Bytes [FE, 60, E2, 8E] .text ... .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8DC01360, 0x35B0A2, 0xE8000020] .text win32k.sys!EngCreateRectRgn + 4592 99C40531 5 Bytes JMP 8EE1F628 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngEraseSurface + FDC 99C506E9 5 Bytes JMP 8EE1F6CE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + C20 99C596E9 5 Bytes JMP 8EE203FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTransparentBlt + 4A1 99C5A4D5 5 Bytes JMP 8EE2056C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTransparentBlt + 8C53 99C62C87 5 Bytes JMP 8EE1E9C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTransparentBlt + 9360 99C63394 5 Bytes JMP 8EE1F88C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 616 99C63BDD 5 Bytes JMP 8EE201B2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 30F0 99C6F3A7 5 Bytes JMP 8EE1F4DC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 4567 99C7081E 5 Bytes JMP 8EE1ED54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 46B6 99C7096D 5 Bytes JMP 8EE1F7C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 4C4B 99C70F02 5 Bytes JMP 8EE1F7E2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 5233 99C714EA 5 Bytes JMP 8EE1F2F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMapFontFileFD + 11A54 99C8A405 5 Bytes JMP 8EE1F22C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMapFontFileFD + 11AA8 99C8A459 5 Bytes JMP 8EE1F508 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 377F 99CB15DD 5 Bytes JMP 8EE20060 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 60DB 99CB3F39 5 Bytes JMP 8EE1EAD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + 4D4B 99CBA8BA 5 Bytes JMP 8EE1EDF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBlt + 2B46 99CC4D70 5 Bytes JMP 8EE20614 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngStrokePath + 5FF 99CC7C5C 5 Bytes JMP 8EE1EBF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLpkInstalled + 1D73 99CD1A77 5 Bytes JMP 8EE20162 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAlphaBlend + B99C 99CE2029 5 Bytes JMP 8EE1F6EC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngNineGrid + 8C4 99CE621B 5 Bytes JMP 8EE2033C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngNineGrid + 6F8C 99CEC8E3 5 Bytes JMP 8EE20116 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + B0F 99CF008A 5 Bytes JMP 8EE20284 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!STROBJ_vEnumStart + 4732 99CF79B3 5 Bytes JMP 8EE1ECDC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + E7F 99D15F66 5 Bytes JMP 8EE1F008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_bEnum + 24C 99D1B8AE 5 Bytes JMP 8EE1EEBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 26D9 99D1F3E6 5 Bytes JMP 8EE204BE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 3765 99D377E6 5 Bytes JMP 8EE1F70A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLineTo + A1B 99D3D945 5 Bytes JMP 8EE1EF24 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLineTo + D29D 99D4A1C7 5 Bytes JMP 8EE1F150 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngLineTo + 10D14 99D4DC3E 5 Bytes JMP 8EE1F0AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text ntdll.dll!LdrLoadDll 773D9378 5 Bytes [E9, 7B, 6E, D8, 88] {JMP 0x88d86e80} .text ntdll.dll!LdrUnloadDll 773EB680 5 Bytes [E9, 77, 4D, D7, 88] {JMP 0x88d74d7c} ---- User code sections - GMER 2.1 ---- .text C:\Windows\System32\rundll32.exe[392] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 000801F8 .text C:\Windows\System32\rundll32.exe[392] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 000803FC .text C:\Windows\System32\rundll32.exe[392] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Windows\System32\rundll32.exe[392] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00090600 .text C:\Windows\System32\rundll32.exe[392] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00090804 .text C:\Windows\System32\rundll32.exe[392] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00090A08 .text C:\Windows\System32\rundll32.exe[392] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 000901F8 .text C:\Windows\System32\rundll32.exe[392] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 000903FC .text C:\Windows\System32\rundll32.exe[392] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 000A03FC .text C:\Windows\System32\rundll32.exe[392] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 000A0600 .text C:\Windows\System32\rundll32.exe[392] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 000A1014 .text C:\Windows\System32\rundll32.exe[392] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 000A0804 .text C:\Windows\System32\rundll32.exe[392] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 000A0A08 .text C:\Windows\System32\rundll32.exe[392] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 000A0C0C .text C:\Windows\System32\rundll32.exe[392] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 000A0E10 .text C:\Windows\System32\rundll32.exe[392] 
ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 000A01F8 .text C:\Windows\system32\csrss.exe[556] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Windows\system32\wininit.exe[608] kernel32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Windows\system32\csrss.exe[620] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Windows\system32\services.exe[652] kernel32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Windows\system32\lsass.exe[664] kernel32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text ... .text C:\Program Files\Mozilla Firefox\firefox.exe[1332] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 650DEEB0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1332] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 000603FC .text C:\Program Files\Mozilla Firefox\firefox.exe[1332] KERNEL32.dll!HeapSetInformation + 26 75C1A8B0 7 Bytes JMP 650E4CE9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1332] KERNEL32.dll!LockResource + C 75C36ACB 7 Bytes JMP 656E9778 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1332] KERNEL32.dll!VirtualAllocEx + 54 75C3AF50 7 Bytes JMP 656E979B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1332] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[1332] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00070600 .text C:\Program Files\Mozilla Firefox\firefox.exe[1332] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00070804 .text C:\Program Files\Mozilla Firefox\firefox.exe[1332] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00070A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[1332] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Mozilla 
Firefox\firefox.exe[1332] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 000703FC .text C:\Program Files\Mozilla Firefox\firefox.exe[1332] GDI32.dll!SetStretchBltMode + 256 760F745C 7 Bytes JMP 656E96F9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1332] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 000803FC .text C:\Program Files\Mozilla Firefox\firefox.exe[1332] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00080600 .text C:\Program Files\Mozilla Firefox\firefox.exe[1332] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00081014 .text C:\Program Files\Mozilla Firefox\firefox.exe[1332] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00080804 .text C:\Program Files\Mozilla Firefox\firefox.exe[1332] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00080A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[1332] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00080C0C .text C:\Program Files\Mozilla Firefox\firefox.exe[1332] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00080E10 .text C:\Program Files\Mozilla Firefox\firefox.exe[1332] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 000801F8 .text C:\Windows\system32\svchost.exe[1336] kernel32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Windows\system32\svchost.exe[1364] kernel32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1520] kernel32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1644] kernel32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Program Files\DigitalPersona\Bin\DpHostW.exe[1676] kernel32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text ... 
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[1932] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 001601F8 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[1932] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 001603FC .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[1932] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[1932] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00170600 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[1932] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00170804 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[1932] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00170A08 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[1932] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[1932] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 001703FC .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[1932] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 001803FC .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[1932] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00180600 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[1932] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00181014 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[1932] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00180804 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[1932] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00180A08 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[1932] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00180C0C .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[1932] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00180E10 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[1932] ADVAPI32.dll!CreateServiceA 762572A1 
5 Bytes JMP 001801F8 .text C:\Windows\system32\taskeng.exe[1960] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 000601F8 .text C:\Windows\system32\taskeng.exe[1960] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 000603FC .text C:\Windows\system32\taskeng.exe[1960] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Windows\system32\taskeng.exe[1960] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[1960] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[1960] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[1960] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[1960] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[1960] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[1960] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[1960] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[1960] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[1960] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[1960] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[1960] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[1960] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 000803FC .text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[2200] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 001601F8 .text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[2200] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 001603FC .text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[2200] 
KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[2200] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00170600 .text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[2200] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00170804 .text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[2200] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00170A08 .text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[2200] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[2200] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 001703FC .text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[2200] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 001803FC .text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[2200] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00180600 .text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[2200] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00181014 .text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[2200] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00180804 .text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[2200] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00180A08 .text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[2200] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00180C0C .text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[2200] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00180E10 .text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[2200] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 001801F8 .text C:\Windows\system32\wbem\unsecapp.exe[2268] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 000601F8 .text C:\Windows\system32\wbem\unsecapp.exe[2268] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 000603FC .text C:\Windows\system32\wbem\unsecapp.exe[2268] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] 
.text C:\Windows\system32\wbem\unsecapp.exe[2268] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\wbem\unsecapp.exe[2268] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\wbem\unsecapp.exe[2268] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\wbem\unsecapp.exe[2268] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\wbem\unsecapp.exe[2268] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\wbem\unsecapp.exe[2268] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00070C0C .text C:\Windows\system32\wbem\unsecapp.exe[2268] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\wbem\unsecapp.exe[2268] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\wbem\unsecapp.exe[2268] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00080600 .text C:\Windows\system32\wbem\unsecapp.exe[2268] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\wbem\unsecapp.exe[2268] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\wbem\unsecapp.exe[2268] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\wbem\unsecapp.exe[2268] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 000803FC .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[2276] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 000501F8 .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[2276] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 000503FC .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[2276] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[2276] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 000703FC .text c:\Program 
Files\Hewlett-Packard\HP Health Check\hphc_service.exe[2276] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00070600 .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[2276] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00071014 .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[2276] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00070804 .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[2276] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00070A08 .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[2276] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00070C0C .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[2276] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00070E10 .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[2276] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 000701F8 .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[2276] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 000C0600 .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[2276] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 000C0804 .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[2276] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 000C0A08 .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[2276] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 000C01F8 .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[2276] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 000C03FC .text C:\ProgramData\DatacardService\HWDeviceService.exe[2324] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 001601F8 .text C:\ProgramData\DatacardService\HWDeviceService.exe[2324] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 001603FC .text C:\ProgramData\DatacardService\HWDeviceService.exe[2324] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] 
.text C:\ProgramData\DatacardService\HWDeviceService.exe[2324] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00170600 .text C:\ProgramData\DatacardService\HWDeviceService.exe[2324] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00170804 .text C:\ProgramData\DatacardService\HWDeviceService.exe[2324] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00170A08 .text C:\ProgramData\DatacardService\HWDeviceService.exe[2324] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 001701F8 .text C:\ProgramData\DatacardService\HWDeviceService.exe[2324] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 001703FC .text C:\ProgramData\DatacardService\HWDeviceService.exe[2324] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 001803FC .text C:\ProgramData\DatacardService\HWDeviceService.exe[2324] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00180600 .text C:\ProgramData\DatacardService\HWDeviceService.exe[2324] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00181014 .text C:\ProgramData\DatacardService\HWDeviceService.exe[2324] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00180804 .text C:\ProgramData\DatacardService\HWDeviceService.exe[2324] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00180A08 .text C:\ProgramData\DatacardService\HWDeviceService.exe[2324] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00180C0C .text C:\ProgramData\DatacardService\HWDeviceService.exe[2324] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00180E10 .text C:\ProgramData\DatacardService\HWDeviceService.exe[2324] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 001801F8 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2372] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2372] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2372] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Program Files\Common 
Files\LightScribe\LSSrvc.exe[2372] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 001803FC .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2372] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2372] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00181014 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2372] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2372] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2372] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00180C0C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2372] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00180E10 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2372] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 001801F8 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2372] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00190600 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2372] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00190804 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2372] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00190A08 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2372] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 001901F8 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2372] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 001903FC .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2392] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 001501F8 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2392] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2392] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text 
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2392] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 002603FC .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2392] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00260600 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2392] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00261014 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2392] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00260804 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2392] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00260A08 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2392] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00260C0C .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2392] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00260E10 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2392] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 002601F8 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2392] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00270600 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2392] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00270804 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2392] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00270A08 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2392] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 002701F8 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2392] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 002703FC .text C:\Windows\Explorer.EXE[2424] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 000601F8 .text C:\Windows\Explorer.EXE[2424] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 000603FC .text C:\Windows\Explorer.EXE[2424] 
KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Windows\Explorer.EXE[2424] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 000703FC .text C:\Windows\Explorer.EXE[2424] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00070600 .text C:\Windows\Explorer.EXE[2424] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00071014 .text C:\Windows\Explorer.EXE[2424] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00070804 .text C:\Windows\Explorer.EXE[2424] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00070A08 .text C:\Windows\Explorer.EXE[2424] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00070C0C .text C:\Windows\Explorer.EXE[2424] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00070E10 .text C:\Windows\Explorer.EXE[2424] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 000701F8 .text C:\Windows\Explorer.EXE[2424] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00080600 .text C:\Windows\Explorer.EXE[2424] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00080804 .text C:\Windows\Explorer.EXE[2424] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00080A08 .text C:\Windows\Explorer.EXE[2424] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 000801F8 .text C:\Windows\Explorer.EXE[2424] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 000803FC .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2428] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2428] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2428] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2428] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00170600 .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2428] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00170804 .text C:\Program 
Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2428] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00170A08 .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2428] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2428] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2428] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 001803FC .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2428] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2428] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00181014 .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2428] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2428] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2428] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00180C0C .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2428] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00180E10 .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2428] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 001801F8 .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 001501F8 .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 001503FC .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00160600 .text C:\Program 
Files\HP\HP Software Update\hpwuSchd2.exe[2468] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00160804 .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00160A08 .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 001601F8 .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 001603FC .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 001703FC .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00170600 .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00171014 .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00170804 .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00170A08 .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00170C0C .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00170E10 .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2468] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 001701F8 .text C:\Windows\system32\svchost.exe[2472] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 000A01F8 .text C:\Windows\system32\svchost.exe[2472] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 000A03FC .text C:\Windows\system32\svchost.exe[2472] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Windows\system32\svchost.exe[2472] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\svchost.exe[2472] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 000B0600 .text 
C:\Windows\system32\svchost.exe[2472] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\svchost.exe[2472] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\svchost.exe[2472] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\svchost.exe[2472] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\svchost.exe[2472] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\svchost.exe[2472] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\svchost.exe[2472] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00110600 .text C:\Windows\system32\svchost.exe[2472] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00110804 .text C:\Windows\system32\svchost.exe[2472] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00110A08 .text C:\Windows\system32\svchost.exe[2472] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 001101F8 .text C:\Windows\system32\svchost.exe[2472] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 001103FC .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2528] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 001501F8 .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2528] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 001503FC .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2528] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2528] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00160600 .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2528] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00160804 .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2528] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00160A08 .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2528] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 
001601F8 .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2528] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 001603FC .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2528] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 001703FC .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2528] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00170600 .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2528] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00171014 .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2528] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00170804 .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2528] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00170A08 .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2528] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00170C0C .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2528] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00170E10 .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2528] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 001701F8 .text C:\Windows\system32\Dwm.exe[2604] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 000601F8 .text C:\Windows\system32\Dwm.exe[2604] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 000603FC .text C:\Windows\system32\Dwm.exe[2604] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Windows\system32\Dwm.exe[2604] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\Dwm.exe[2604] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\Dwm.exe[2604] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\Dwm.exe[2604] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\Dwm.exe[2604] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\Dwm.exe[2604] 
ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00070C0C .text C:\Windows\system32\Dwm.exe[2604] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\Dwm.exe[2604] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\Dwm.exe[2604] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00080600 .text C:\Windows\system32\Dwm.exe[2604] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\Dwm.exe[2604] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\Dwm.exe[2604] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\Dwm.exe[2604] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 000803FC .text C:\Windows\System32\rundll32.exe[2640] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 000701F8 .text C:\Windows\System32\rundll32.exe[2640] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 000703FC .text C:\Windows\System32\rundll32.exe[2640] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Windows\System32\rundll32.exe[2640] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00090600 .text C:\Windows\System32\rundll32.exe[2640] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00090804 .text C:\Windows\System32\rundll32.exe[2640] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00090A08 .text C:\Windows\System32\rundll32.exe[2640] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 000901F8 .text C:\Windows\System32\rundll32.exe[2640] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 000903FC .text C:\Windows\System32\rundll32.exe[2640] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 000A03FC .text C:\Windows\System32\rundll32.exe[2640] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 000A0600 .text C:\Windows\System32\rundll32.exe[2640] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 000A1014 .text C:\Windows\System32\rundll32.exe[2640] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 000A0804 
.text C:\Windows\System32\rundll32.exe[2640] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 000A0A08 .text C:\Windows\System32\rundll32.exe[2640] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 000A0C0C .text C:\Windows\System32\rundll32.exe[2640] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 000A0E10 .text C:\Windows\System32\rundll32.exe[2640] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 000A01F8 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2664] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 002601F8 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2664] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 002603FC .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2664] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2664] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00270600 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2664] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00270804 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2664] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00270A08 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2664] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 002701F8 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2664] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 002703FC .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2664] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 002803FC .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2664] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00280600 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2664] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00281014 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2664] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00280804 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2664] 
ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00280A08 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2664] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00280C0C .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2664] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00280E10 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2664] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 002801F8 .text C:\Windows\system32\wbem\wmiprvse.exe[2696] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 000601F8 .text C:\Windows\system32\wbem\wmiprvse.exe[2696] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 000603FC .text C:\Windows\system32\wbem\wmiprvse.exe[2696] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[2696] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\wbem\wmiprvse.exe[2696] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\wbem\wmiprvse.exe[2696] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\wbem\wmiprvse.exe[2696] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\wbem\wmiprvse.exe[2696] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\wbem\wmiprvse.exe[2696] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00070C0C .text C:\Windows\system32\wbem\wmiprvse.exe[2696] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\wbem\wmiprvse.exe[2696] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\wbem\wmiprvse.exe[2696] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00080600 .text C:\Windows\system32\wbem\wmiprvse.exe[2696] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\wbem\wmiprvse.exe[2696] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00080A08 .text 
C:\Windows\system32\wbem\wmiprvse.exe[2696] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\wbem\wmiprvse.exe[2696] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 000803FC .text C:\ProgramData\DatacardService\DCSHelper.exe[2712] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 001601F8 .text C:\ProgramData\DatacardService\DCSHelper.exe[2712] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 001603FC .text C:\ProgramData\DatacardService\DCSHelper.exe[2712] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\ProgramData\DatacardService\DCSHelper.exe[2712] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00170600 .text C:\ProgramData\DatacardService\DCSHelper.exe[2712] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00170804 .text C:\ProgramData\DatacardService\DCSHelper.exe[2712] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00170A08 .text C:\ProgramData\DatacardService\DCSHelper.exe[2712] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 001701F8 .text C:\ProgramData\DatacardService\DCSHelper.exe[2712] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 001703FC .text C:\ProgramData\DatacardService\DCSHelper.exe[2712] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 001903FC .text C:\ProgramData\DatacardService\DCSHelper.exe[2712] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00190600 .text C:\ProgramData\DatacardService\DCSHelper.exe[2712] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00191014 .text C:\ProgramData\DatacardService\DCSHelper.exe[2712] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00190804 .text C:\ProgramData\DatacardService\DCSHelper.exe[2712] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00190A08 .text C:\ProgramData\DatacardService\DCSHelper.exe[2712] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00190C0C .text C:\ProgramData\DatacardService\DCSHelper.exe[2712] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00190E10 .text 
C:\ProgramData\DatacardService\DCSHelper.exe[2712] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 001901F8 .text C:\Windows\system32\svchost.exe[2736] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 000A01F8 .text C:\Windows\system32\svchost.exe[2736] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 000A03FC .text C:\Windows\system32\svchost.exe[2736] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Windows\system32\svchost.exe[2736] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\svchost.exe[2736] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\svchost.exe[2736] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\svchost.exe[2736] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\svchost.exe[2736] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\svchost.exe[2736] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\svchost.exe[2736] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\svchost.exe[2736] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\svchost.exe[2736] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00590600 .text C:\Windows\system32\svchost.exe[2736] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00590804 .text C:\Windows\system32\svchost.exe[2736] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00590A08 .text C:\Windows\system32\svchost.exe[2736] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 005901F8 .text C:\Windows\system32\svchost.exe[2736] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 005903FC .text C:\Windows\system32\svchost.exe[2748] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[2748] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[2748] 
KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Windows\system32\svchost.exe[2748] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2748] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2748] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2748] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2748] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2748] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2748] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2748] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[2748] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00080600 .text C:\Windows\system32\svchost.exe[2748] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\svchost.exe[2748] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\svchost.exe[2748] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\svchost.exe[2748] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 000803FC .text C:\Windows\system32\SearchIndexer.exe[2796] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 000601F8 .text C:\Windows\system32\SearchIndexer.exe[2796] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 000603FC .text C:\Windows\system32\SearchIndexer.exe[2796] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[2796] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\SearchIndexer.exe[2796] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\SearchIndexer.exe[2796] 
ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\SearchIndexer.exe[2796] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\SearchIndexer.exe[2796] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\SearchIndexer.exe[2796] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00070C0C .text C:\Windows\system32\SearchIndexer.exe[2796] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\SearchIndexer.exe[2796] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\SearchIndexer.exe[2796] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00080600 .text C:\Windows\system32\SearchIndexer.exe[2796] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\SearchIndexer.exe[2796] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\SearchIndexer.exe[2796] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\SearchIndexer.exe[2796] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 000803FC .text C:\Windows\system32\DRIVERS\xaudio.exe[2860] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 001501F8 .text C:\Windows\system32\DRIVERS\xaudio.exe[2860] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 001503FC .text C:\Windows\system32\DRIVERS\xaudio.exe[2860] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Windows\system32\DRIVERS\xaudio.exe[2860] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 001603FC .text C:\Windows\system32\DRIVERS\xaudio.exe[2860] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00160600 .text C:\Windows\system32\DRIVERS\xaudio.exe[2860] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00161014 .text C:\Windows\system32\DRIVERS\xaudio.exe[2860] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00160804 .text C:\Windows\system32\DRIVERS\xaudio.exe[2860] 
ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00160A08 .text C:\Windows\system32\DRIVERS\xaudio.exe[2860] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00160C0C .text C:\Windows\system32\DRIVERS\xaudio.exe[2860] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00160E10 .text C:\Windows\system32\DRIVERS\xaudio.exe[2860] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 001601F8 .text C:\Windows\system32\DRIVERS\xaudio.exe[2860] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00170600 .text C:\Windows\system32\DRIVERS\xaudio.exe[2860] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00170804 .text C:\Windows\system32\DRIVERS\xaudio.exe[2860] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00170A08 .text C:\Windows\system32\DRIVERS\xaudio.exe[2860] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 001701F8 .text C:\Windows\system32\DRIVERS\xaudio.exe[2860] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 001703FC .text C:\Users\NADIA\Downloads\2h3rlqfh.exe[2868] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 001601F8 .text C:\Users\NADIA\Downloads\2h3rlqfh.exe[2868] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 001603FC .text C:\Users\NADIA\Downloads\2h3rlqfh.exe[2868] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Users\NADIA\Downloads\2h3rlqfh.exe[2868] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 001703FC .text C:\Users\NADIA\Downloads\2h3rlqfh.exe[2868] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00170600 .text C:\Users\NADIA\Downloads\2h3rlqfh.exe[2868] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00171014 .text C:\Users\NADIA\Downloads\2h3rlqfh.exe[2868] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00170804 .text C:\Users\NADIA\Downloads\2h3rlqfh.exe[2868] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00170A08 .text C:\Users\NADIA\Downloads\2h3rlqfh.exe[2868] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00170C0C .text C:\Users\NADIA\Downloads\2h3rlqfh.exe[2868] 
ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00170E10 .text C:\Users\NADIA\Downloads\2h3rlqfh.exe[2868] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 001701F8 .text C:\Users\NADIA\Downloads\2h3rlqfh.exe[2868] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00180600 .text C:\Users\NADIA\Downloads\2h3rlqfh.exe[2868] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00180804 .text C:\Users\NADIA\Downloads\2h3rlqfh.exe[2868] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00180A08 .text C:\Users\NADIA\Downloads\2h3rlqfh.exe[2868] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 001801F8 .text C:\Users\NADIA\Downloads\2h3rlqfh.exe[2868] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 001803FC .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2892] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 001601F8 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2892] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 001603FC .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2892] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2892] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00170600 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2892] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00170804 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2892] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00170A08 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2892] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2892] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 001703FC .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2892] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 001803FC .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2892] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00180600 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2892] 
ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00181014 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2892] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00180804 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2892] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00180A08 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2892] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00180C0C .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2892] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00180E10 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2892] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 001801F8 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3096] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 002601F8 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3096] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 002603FC .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3096] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3096] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00270600 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3096] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00270804 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3096] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00270A08 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3096] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 002701F8 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3096] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 002703FC .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3096] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 002803FC .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3096] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00280600 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3096] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00281014 .text 
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3096] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00280804 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3096] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00280A08 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3096] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00280C0C .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3096] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00280E10 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3096] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 002801F8 .text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[3124] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 001601F8 .text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[3124] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 001603FC .text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[3124] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[3124] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 001703FC .text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[3124] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00170600 .text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[3124] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00171014 .text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[3124] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00170804 .text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[3124] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00170A08 .text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[3124] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00170C0C .text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[3124] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00170E10 .text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[3124] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 001701F8 .text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[3124] 
USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00180600 .text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[3124] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00180804 .text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[3124] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00180A08 .text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[3124] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 001801F8 .text C:\Program Files\DigitalPersona\Bin\DpAgent.exe[3124] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 001803FC .text C:\Windows\notepad.exe[3276] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 000601F8 .text C:\Windows\notepad.exe[3276] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 000603FC .text C:\Windows\notepad.exe[3276] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Windows\notepad.exe[3276] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 000703FC .text C:\Windows\notepad.exe[3276] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00070600 .text C:\Windows\notepad.exe[3276] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00071014 .text C:\Windows\notepad.exe[3276] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00070804 .text C:\Windows\notepad.exe[3276] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00070A08 .text C:\Windows\notepad.exe[3276] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00070C0C .text C:\Windows\notepad.exe[3276] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00070E10 .text C:\Windows\notepad.exe[3276] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 000701F8 .text C:\Windows\notepad.exe[3276] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00080600 .text C:\Windows\notepad.exe[3276] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00080804 .text C:\Windows\notepad.exe[3276] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00080A08 .text C:\Windows\notepad.exe[3276] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 000801F8 .text C:\Windows\notepad.exe[3276] 
USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 000803FC .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3520] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 001501F8 .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3520] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 001503FC .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3520] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3520] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00160600 .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3520] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00160804 .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3520] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00160A08 .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3520] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 001601F8 .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3520] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 001603FC .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3520] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 001703FC .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3520] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00170600 .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3520] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00171014 .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3520] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00170804 .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3520] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00170A08 .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3520] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00170C0C .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3520] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00170E10 .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3520] ADVAPI32.dll!CreateServiceA 
762572A1 5 Bytes JMP 001701F8 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3540] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 001601F8 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3540] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 001603FC .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3540] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3540] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 001703FC .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3540] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00170600 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3540] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00171014 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3540] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00170804 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3540] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00170A08 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3540] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00170C0C .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3540] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00170E10 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3540] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 001701F8 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3540] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00180600 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3540] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00180804 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3540] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00180A08 
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3540] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3540] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 001803FC .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[3548] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 001601F8 .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[3548] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 001603FC .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[3548] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[3548] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00180600 .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[3548] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00180804 .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[3548] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00180A08 .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[3548] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[3548] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 001803FC .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[3548] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 001903FC .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[3548] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00190600 .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[3548] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00191014 .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[3548] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00190804 .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[3548] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00190A08 .text C:\Program 
Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[3548] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00190C0C .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[3548] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00190E10 .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[3548] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 001901F8 .text C:\Program Files\HP\QuickPlay\QPService.exe[3672] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 001501F8 .text C:\Program Files\HP\QuickPlay\QPService.exe[3672] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 001503FC .text C:\Program Files\HP\QuickPlay\QPService.exe[3672] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Program Files\HP\QuickPlay\QPService.exe[3672] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00160600 .text C:\Program Files\HP\QuickPlay\QPService.exe[3672] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00160804 .text C:\Program Files\HP\QuickPlay\QPService.exe[3672] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00160A08 .text C:\Program Files\HP\QuickPlay\QPService.exe[3672] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 001601F8 .text C:\Program Files\HP\QuickPlay\QPService.exe[3672] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 001603FC .text C:\Program Files\HP\QuickPlay\QPService.exe[3672] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 001703FC .text C:\Program Files\HP\QuickPlay\QPService.exe[3672] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00170600 .text C:\Program Files\HP\QuickPlay\QPService.exe[3672] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00171014 .text C:\Program Files\HP\QuickPlay\QPService.exe[3672] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00170804 .text C:\Program Files\HP\QuickPlay\QPService.exe[3672] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00170A08 .text C:\Program Files\HP\QuickPlay\QPService.exe[3672] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00170C0C 
.text C:\Program Files\HP\QuickPlay\QPService.exe[3672] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00170E10 .text C:\Program Files\HP\QuickPlay\QPService.exe[3672] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 001701F8 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3684] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 001601F8 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3684] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 001603FC .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3684] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3684] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 001703FC .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3684] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00170600 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3684] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00171014 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3684] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00170804 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3684] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00170A08 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3684] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00170C0C .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3684] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00170E10 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3684] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 001701F8 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3684] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00180600 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3684] 
USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00180804 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3684] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00180A08 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3684] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3684] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 001803FC .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3776] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 001501F8 .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3776] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 001503FC .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3776] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3776] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00160600 .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3776] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00160804 .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3776] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00160A08 .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3776] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 001601F8 .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3776] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 001603FC .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3776] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 001703FC .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3776] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00170600 .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3776] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00171014 .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3776] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00170804 .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3776] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00170A08 
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3776] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00170C0C .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3776] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00170E10 .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3776] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 001701F8 .text C:\Windows\system32\taskeng.exe[3844] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 000601F8 .text C:\Windows\system32\taskeng.exe[3844] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 000603FC .text C:\Windows\system32\taskeng.exe[3844] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Windows\system32\taskeng.exe[3844] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 005303FC .text C:\Windows\system32\taskeng.exe[3844] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00530600 .text C:\Windows\system32\taskeng.exe[3844] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00531014 .text C:\Windows\system32\taskeng.exe[3844] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00530804 .text C:\Windows\system32\taskeng.exe[3844] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00530A08 .text C:\Windows\system32\taskeng.exe[3844] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00530C0C .text C:\Windows\system32\taskeng.exe[3844] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00530E10 .text C:\Windows\system32\taskeng.exe[3844] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 005301F8 .text C:\Windows\system32\taskeng.exe[3844] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00540600 .text C:\Windows\system32\taskeng.exe[3844] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00540804 .text C:\Windows\system32\taskeng.exe[3844] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00540A08 .text C:\Windows\system32\taskeng.exe[3844] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 005401F8 .text C:\Windows\system32\taskeng.exe[3844] USER32.dll!UnhookWinEvent 76DCC06F 5 
Bytes JMP 005403FC .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3904] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 001601F8 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3904] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 001603FC .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3904] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3904] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 001703FC .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3904] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00170600 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3904] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00171014 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3904] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00170804 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3904] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00170A08 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3904] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00170C0C .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3904] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00170E10 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3904] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 001701F8 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3904] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00180600 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3904] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00180804 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3904] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00180A08 .text C:\Program 
Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3904] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3904] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 001803FC .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3976] kernel32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Windows\notepad.exe[4184] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 000601F8 .text C:\Windows\notepad.exe[4184] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 000603FC .text C:\Windows\notepad.exe[4184] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Windows\notepad.exe[4184] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 000803FC .text C:\Windows\notepad.exe[4184] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00080600 .text C:\Windows\notepad.exe[4184] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00081014 .text C:\Windows\notepad.exe[4184] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00080804 .text C:\Windows\notepad.exe[4184] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00080A08 .text C:\Windows\notepad.exe[4184] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00080C0C .text C:\Windows\notepad.exe[4184] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00080E10 .text C:\Windows\notepad.exe[4184] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 000801F8 .text C:\Windows\notepad.exe[4184] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00090600 .text C:\Windows\notepad.exe[4184] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00090804 .text C:\Windows\notepad.exe[4184] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00090A08 .text C:\Windows\notepad.exe[4184] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 000901F8 .text C:\Windows\notepad.exe[4184] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 000903FC .text C:\Windows\system32\notepad.exe[4188] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 000A01F8 .text 
C:\Windows\system32\notepad.exe[4188] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 000A03FC .text C:\Windows\system32\notepad.exe[4188] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Windows\system32\notepad.exe[4188] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\notepad.exe[4188] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\notepad.exe[4188] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\notepad.exe[4188] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\notepad.exe[4188] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\notepad.exe[4188] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\notepad.exe[4188] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\notepad.exe[4188] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\notepad.exe[4188] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 000C0600 .text C:\Windows\system32\notepad.exe[4188] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 000C0804 .text C:\Windows\system32\notepad.exe[4188] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 000C0A08 .text C:\Windows\system32\notepad.exe[4188] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 000C01F8 .text C:\Windows\system32\notepad.exe[4188] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 000C03FC .text C:\Users\NADIA\Downloads\OTL.exe[4316] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 001601F8 .text C:\Users\NADIA\Downloads\OTL.exe[4316] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 001603FC .text C:\Users\NADIA\Downloads\OTL.exe[4316] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Users\NADIA\Downloads\OTL.exe[4316] user32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00180600 .text C:\Users\NADIA\Downloads\OTL.exe[4316] 
user32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00180804 .text C:\Users\NADIA\Downloads\OTL.exe[4316] user32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00180A08 .text C:\Users\NADIA\Downloads\OTL.exe[4316] user32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 001801F8 .text C:\Users\NADIA\Downloads\OTL.exe[4316] user32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 001803FC .text C:\Users\NADIA\Downloads\OTL.exe[4316] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 001903FC .text C:\Users\NADIA\Downloads\OTL.exe[4316] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00190600 .text C:\Users\NADIA\Downloads\OTL.exe[4316] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00191014 .text C:\Users\NADIA\Downloads\OTL.exe[4316] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00190804 .text C:\Users\NADIA\Downloads\OTL.exe[4316] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00190A08 .text C:\Users\NADIA\Downloads\OTL.exe[4316] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00190C0C .text C:\Users\NADIA\Downloads\OTL.exe[4316] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00190E10 .text C:\Users\NADIA\Downloads\OTL.exe[4316] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 001901F8 .text C:\Windows\system32\conime.exe[4708] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 000501F8 .text C:\Windows\system32\conime.exe[4708] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 000503FC .text C:\Windows\system32\conime.exe[4708] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Windows\system32\conime.exe[4708] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 000603FC .text C:\Windows\system32\conime.exe[4708] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00060600 .text C:\Windows\system32\conime.exe[4708] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00061014 .text C:\Windows\system32\conime.exe[4708] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00060804 .text C:\Windows\system32\conime.exe[4708] 
ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00060A08 .text C:\Windows\system32\conime.exe[4708] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00060C0C .text C:\Windows\system32\conime.exe[4708] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00060E10 .text C:\Windows\system32\conime.exe[4708] ADVAPI32.dll!CreateServiceA 762572A1 5 Bytes JMP 000601F8 .text C:\Windows\system32\conime.exe[4708] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00070600 .text C:\Windows\system32\conime.exe[4708] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00070804 .text C:\Windows\system32\conime.exe[4708] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00070A08 .text C:\Windows\system32\conime.exe[4708] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 000701F8 .text C:\Windows\system32\conime.exe[4708] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 000703FC .text C:\Windows\system32\notepad.exe[5532] ntdll.dll!LdrLoadDll 773D9378 5 Bytes JMP 000601F8 .text C:\Windows\system32\notepad.exe[5532] ntdll.dll!LdrUnloadDll 773EB680 5 Bytes JMP 000603FC .text C:\Windows\system32\notepad.exe[5532] KERNEL32.dll!GetBinaryTypeW + 70 75C42447 1 Byte [62] .text C:\Windows\system32\notepad.exe[5532] ADVAPI32.dll!CreateServiceW 76219EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\notepad.exe[5532] ADVAPI32.dll!DeleteService 7621A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\notepad.exe[5532] ADVAPI32.dll!SetServiceObjectSecurity 76256CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\notepad.exe[5532] ADVAPI32.dll!ChangeServiceConfigA 76256DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\notepad.exe[5532] ADVAPI32.dll!ChangeServiceConfigW 76256F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\notepad.exe[5532] ADVAPI32.dll!ChangeServiceConfig2A 76257099 5 Bytes JMP 00070C0C .text C:\Windows\system32\notepad.exe[5532] ADVAPI32.dll!ChangeServiceConfig2W 762571E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\notepad.exe[5532] ADVAPI32.dll!CreateServiceA 
762572A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\notepad.exe[5532] USER32.dll!SetWindowsHookExA 76DC6322 5 Bytes JMP 00080600
.text C:\Windows\system32\notepad.exe[5532] USER32.dll!SetWindowsHookExW 76DC87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\notepad.exe[5532] USER32.dll!UnhookWindowsHookEx 76DC98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\notepad.exe[5532] USER32.dll!SetWinEventHook 76DC9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\notepad.exe[5532] USER32.dll!UnhookWinEvent 76DCC06F 5 Bytes JMP 000803FC

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\system32\services.exe[652] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00060002
IAT C:\Windows\system32\services.exe[652] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00060000
IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1520] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [73510790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Windows\Explorer.EXE[2424] @ C:\Windows\system32\ole32.dll [msvcrt.dll!free] [6A50F3FB] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[3976] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [73510790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----