GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-03 12:38:15
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST980811AS rev.3.ALD
Running: 8uiklu87.exe; Driver: C:\Users\Acer\AppData\Local\Temp\kgtdrpob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8B6E19CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8B6E3EAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8B6E3F04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8B6E401A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8B6E3E02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8B6E3F54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8B6E3E56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8B6E3FC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8B6E19EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8B6E17B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8B6E1A12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8B6E4412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8B6E24AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8B6E3EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8B6E3F2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8B6E4044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8B6E3E2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8B6E3F94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8B6E3E84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8B6E3FF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8B6E2370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8B6E1A36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8B6E1A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8B6E1812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8B6E194E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8B6E192A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8B6E1972]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8B6E1A7E]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 828BD890 4 Bytes [CA, 19, 6E, 8B]
.text ntkrnlpa.exe!KeSetEvent + 1D1 828BD954 8 Bytes [AC, 3E, 6E, 8B, 04, 3F, 6E, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 828BD960 4 Bytes [1A, 40, 6E, 8B]
.text ntkrnlpa.exe!KeSetEvent + 1F5 828BD978 4 Bytes [02, 3E, 6E, 8B]
.text ntkrnlpa.exe!KeSetEvent + 215 828BD998 8 Bytes [54, 3F, 6E, 8B, 56, 3E, 6E, ...]
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82A4AE18 4 Bytes CALL 8B6E2E3B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82A4EA8C 4 Bytes CALL 8B6E2E51 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\System32\p2phost.exe[272] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00050030
.text C:\Windows\System32\p2phost.exe[272] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0005006C
.text C:\Windows\System32\p2phost.exe[272] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0008006C
.text C:\Windows\System32\p2phost.exe[272] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000800A8
.text C:\Windows\System32\p2phost.exe[272] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000801D4
.text C:\Windows\System32\p2phost.exe[272] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000800E4
.text C:\Windows\System32\p2phost.exe[272] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00080120
.text C:\Windows\System32\p2phost.exe[272] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0008015C
.text C:\Windows\System32\p2phost.exe[272] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00080198
.text C:\Windows\System32\p2phost.exe[272] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00080030
.text C:\Windows\System32\p2phost.exe[272] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000900A8
.text C:\Windows\System32\p2phost.exe[272] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000900E4
.text C:\Windows\System32\p2phost.exe[272] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00090120
.text C:\Windows\System32\p2phost.exe[272] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00090030
.text C:\Windows\System32\p2phost.exe[272] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0009006C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[292] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00050030
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[292] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0005006C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[292] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0017006C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[292] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 001700A8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[292] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 001701D4
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[292] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 001700E4
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[292] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00170120
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[292] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0017015C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[292] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00170198
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[292] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00170030
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[292] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001800A8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[292] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001800E4
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[292] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00180120
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[292] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00180030
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[292] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0018006C
.text C:\Windows\system32\wininit.exe[576] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00030030
.text C:\Windows\system32\wininit.exe[576] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0003006C
.text C:\Windows\system32\wininit.exe[576] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0005006C
.text C:\Windows\system32\wininit.exe[576] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000500A8
.text C:\Windows\system32\wininit.exe[576] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000501D4
.text C:\Windows\system32\wininit.exe[576] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000500E4
.text C:\Windows\system32\wininit.exe[576] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00050120
.text C:\Windows\system32\wininit.exe[576] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0005015C
.text C:\Windows\system32\wininit.exe[576] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00050198
.text C:\Windows\system32\wininit.exe[576] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00050030
.text C:\Windows\system32\wininit.exe[576] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000600A8
.text C:\Windows\system32\wininit.exe[576] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000600E4
.text C:\Windows\system32\wininit.exe[576] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00060120
.text C:\Windows\system32\wininit.exe[576] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00060030
.text C:\Windows\system32\wininit.exe[576] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0006006C
.text C:\Windows\system32\winlogon.exe[616] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00030030
.text C:\Windows\system32\winlogon.exe[616] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0003006C
.text C:\Windows\system32\winlogon.exe[616] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0005006C
.text C:\Windows\system32\winlogon.exe[616] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000500A8
.text C:\Windows\system32\winlogon.exe[616] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000501D4
.text C:\Windows\system32\winlogon.exe[616] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000500E4
.text C:\Windows\system32\winlogon.exe[616] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00050120
.text C:\Windows\system32\winlogon.exe[616] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0005015C
.text C:\Windows\system32\winlogon.exe[616] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00050198
.text C:\Windows\system32\winlogon.exe[616] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00050030
.text C:\Windows\system32\winlogon.exe[616] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000600A8
.text C:\Windows\system32\winlogon.exe[616] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000600E4
.text C:\Windows\system32\winlogon.exe[616] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00060120
.text C:\Windows\system32\winlogon.exe[616] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00060030
.text C:\Windows\system32\winlogon.exe[616] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0006006C
.text C:\Windows\system32\services.exe[656] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\services.exe[656] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00070120
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0007015C
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070198
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00070030
.text C:\Windows\system32\services.exe[656] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000800A8
.text C:\Windows\system32\services.exe[656] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\services.exe[656] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00080120
.text C:\Windows\system32\services.exe[656] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\services.exe[656] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0008006C
.text C:\Windows\system32\lsass.exe[676] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00090030
.text C:\Windows\system32\lsass.exe[676] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0009006C
.text C:\Windows\system32\lsass.exe[676] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 000C006C
.text C:\Windows\system32\lsass.exe[676] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000C00A8
.text C:\Windows\system32\lsass.exe[676] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000C01D4
.text C:\Windows\system32\lsass.exe[676] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000C00E4
.text C:\Windows\system32\lsass.exe[676] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 000C0120
.text C:\Windows\system32\lsass.exe[676] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 000C015C
.text C:\Windows\system32\lsass.exe[676] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 000C0198
.text C:\Windows\system32\lsass.exe[676] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 000C0030
.text C:\Windows\system32\lsass.exe[676] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000D00A8
.text C:\Windows\system32\lsass.exe[676] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000D00E4
.text C:\Windows\system32\lsass.exe[676] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 000D0120
.text C:\Windows\system32\lsass.exe[676] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 000D0030
.text C:\Windows\system32\lsass.exe[676] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 000D006C
.text C:\Windows\system32\lsm.exe[684] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\lsm.exe[684] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\lsm.exe[684] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\lsm.exe[684] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\lsm.exe[684] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\lsm.exe[684] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\lsm.exe[684] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00070120
.text C:\Windows\system32\lsm.exe[684] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0007015C
.text C:\Windows\system32\lsm.exe[684] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070198
.text C:\Windows\system32\lsm.exe[684] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[928] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[928] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[928] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001F00A8
.text C:\Windows\system32\svchost.exe[928] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001F00E4
.text C:\Windows\system32\svchost.exe[928] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 001F0120
.text C:\Windows\system32\svchost.exe[928] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 001F0030
.text C:\Windows\system32\svchost.exe[928] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 001F006C
.text C:\Windows\System32\svchost.exe[964] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00090030
.text C:\Windows\System32\svchost.exe[964] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0009006C
.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 000B006C
.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000B00A8
.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000B01D4
.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000B00E4
.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 000B0120
.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 000B015C
.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 000B0198
.text C:\Windows\System32\svchost.exe[964] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 000B0030
.text C:\Windows\System32\svchost.exe[964] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001D00A8
.text C:\Windows\System32\svchost.exe[964] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001D00E4
.text C:\Windows\System32\svchost.exe[964] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 001D0120
.text C:\Windows\System32\svchost.exe[964] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 001D0030
.text C:\Windows\System32\svchost.exe[964] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 001D006C
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00050030
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0005006C
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 000B006C
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000B00A8
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000B01D4
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000B00E4
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 000B0120
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 000B015C
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 000B0198
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 000B0030
.text C:\Windows\System32\svchost.exe[1052] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 006B00A8
.text C:\Windows\System32\svchost.exe[1052] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 006B00E4
.text C:\Windows\System32\svchost.exe[1052] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 006B0120
.text C:\Windows\System32\svchost.exe[1052] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 006B0030
.text C:\Windows\System32\svchost.exe[1052] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 006B006C
.text C:\Windows\System32\spoolsv.exe[1076] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00050030
.text C:\Windows\System32\spoolsv.exe[1076] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0005006C
.text C:\Windows\System32\spoolsv.exe[1076] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0007006C
.text C:\Windows\System32\spoolsv.exe[1076] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000700A8
.text C:\Windows\System32\spoolsv.exe[1076] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000701D4
.text C:\Windows\System32\spoolsv.exe[1076] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000700E4
.text C:\Windows\System32\spoolsv.exe[1076] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00070120
.text C:\Windows\System32\spoolsv.exe[1076] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0007015C
.text C:\Windows\System32\spoolsv.exe[1076] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070198
.text C:\Windows\System32\spoolsv.exe[1076] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00070030
.text C:\Windows\System32\spoolsv.exe[1076] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001100A8
.text C:\Windows\System32\spoolsv.exe[1076] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001100E4
.text C:\Windows\System32\spoolsv.exe[1076] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00110120
.text C:\Windows\System32\spoolsv.exe[1076] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00110030
.text C:\Windows\System32\spoolsv.exe[1076] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0011006C
.text C:\Windows\System32\svchost.exe[1112] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00050030
.text C:\Windows\System32\svchost.exe[1112] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0005006C
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0007006C
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000700A8
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000701D4
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000700E4
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00070120
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0007015C
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070198
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00070030
.text C:\Windows\System32\svchost.exe[1112] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 010000A8
.text C:\Windows\System32\svchost.exe[1112] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 010000E4
.text C:\Windows\System32\svchost.exe[1112] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 01000120
.text C:\Windows\System32\svchost.exe[1112] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 01000030
.text C:\Windows\System32\svchost.exe[1112] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0100006C
.text C:\Windows\system32\svchost.exe[1132] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1132] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[1132] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001100A8
.text C:\Windows\system32\svchost.exe[1132] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001100E4
.text C:\Windows\system32\svchost.exe[1132] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00110120
.text C:\Windows\system32\svchost.exe[1132] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00110030
.text C:\Windows\system32\svchost.exe[1132] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0011006C
.text C:\Windows\system32\svchost.exe[1232] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1232] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[1280] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1280] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0008006C
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000800A8
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000801D4
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000800E4
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00080120
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0008015C
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00080198
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00080030
.text C:\Windows\system32\svchost.exe[1280] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 00D100A8
.text C:\Windows\system32\svchost.exe[1280] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 00D100E4
.text C:\Windows\system32\svchost.exe[1280] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00D10120
.text C:\Windows\system32\svchost.exe[1280] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00D10030
.text C:\Windows\system32\svchost.exe[1280] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 00D1006C
.text C:\Windows\system32\svchost.exe[1456] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1456] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[1456] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000D00A8
.text C:\Windows\system32\svchost.exe[1456] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000D00E4
.text C:\Windows\system32\svchost.exe[1456] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 000D0120
.text C:\Windows\system32\svchost.exe[1456] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 000D0030
.text C:\Windows\system32\svchost.exe[1456] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 000D006C
.text C:\Windows\system32\Dwm.exe[1680] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\Dwm.exe[1680] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\Dwm.exe[1680] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\Dwm.exe[1680] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\Dwm.exe[1680] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\Dwm.exe[1680] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\Dwm.exe[1680] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00070120
.text C:\Windows\system32\Dwm.exe[1680] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0007015C
.text C:\Windows\system32\Dwm.exe[1680] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070198
.text C:\Windows\system32\Dwm.exe[1680] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00070030
.text C:\Windows\system32\Dwm.exe[1680] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000800A8
.text C:\Windows\system32\Dwm.exe[1680] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\Dwm.exe[1680] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00080120
.text C:\Windows\system32\Dwm.exe[1680] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\Dwm.exe[1680] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0008006C
.text C:\Windows\Explorer.EXE[1696] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00050030
.text C:\Windows\Explorer.EXE[1696] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0005006C
.text C:\Windows\Explorer.EXE[1696] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0007006C
.text C:\Windows\Explorer.EXE[1696] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000700A8
.text C:\Windows\Explorer.EXE[1696] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000701D4
.text C:\Windows\Explorer.EXE[1696] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000700E4
.text C:\Windows\Explorer.EXE[1696] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00070120
.text C:\Windows\Explorer.EXE[1696] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0007015C
.text C:\Windows\Explorer.EXE[1696] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070198
.text C:\Windows\Explorer.EXE[1696] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00070030
.text C:\Windows\Explorer.EXE[1696] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000800A8
.text C:\Windows\Explorer.EXE[1696] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000800E4
.text C:\Windows\Explorer.EXE[1696] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00080120
.text C:\Windows\Explorer.EXE[1696] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00080030
.text C:\Windows\Explorer.EXE[1696] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0008006C
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1772] kernel32.dll!SetUnhandledExceptionFilter 76E6A84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Windows\system32\svchost.exe[1836] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1836] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1836] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[1836] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[1836] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[1836] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[1836] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[1836] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[1836] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[1836] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[1836] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 002200A8
.text C:\Windows\system32\svchost.exe[1836] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 002200E4
.text C:\Windows\system32\svchost.exe[1836] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00220120
.text C:\Windows\system32\svchost.exe[1836] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00220030
.text C:\Windows\system32\svchost.exe[1836] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0022006C
.text C:\Program Files\Windows Defender\MSASCui.exe[1880] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00050030
.text C:\Program Files\Windows Defender\MSASCui.exe[1880] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0005006C
.text C:\Program Files\Windows Defender\MSASCui.exe[1880] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0008006C
.text C:\Program Files\Windows Defender\MSASCui.exe[1880] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000800A8
.text C:\Program Files\Windows Defender\MSASCui.exe[1880] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000801D4
.text C:\Program Files\Windows Defender\MSASCui.exe[1880] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000800E4
.text C:\Program Files\Windows Defender\MSASCui.exe[1880] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00080120
.text C:\Program Files\Windows Defender\MSASCui.exe[1880] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0008015C
.text C:\Program Files\Windows Defender\MSASCui.exe[1880] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00080198
.text C:\Program Files\Windows Defender\MSASCui.exe[1880] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00080030
.text C:\Program Files\Windows Defender\MSASCui.exe[1880] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000900A8
.text C:\Program Files\Windows Defender\MSASCui.exe[1880] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000900E4
.text C:\Program Files\Windows Defender\MSASCui.exe[1880] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00090120
.text C:\Program Files\Windows Defender\MSASCui.exe[1880] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00090030
.text C:\Program Files\Windows Defender\MSASCui.exe[1880] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0009006C
.text C:\Windows\System32\igfxtray.exe[1904] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00140030
.text C:\Windows\System32\igfxtray.exe[1904] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0014006C
.text C:\Windows\System32\igfxtray.exe[1904] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 002600A8
.text C:\Windows\System32\igfxtray.exe[1904] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 002600E4
.text C:\Windows\System32\igfxtray.exe[1904] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00260120
.text C:\Windows\System32\igfxtray.exe[1904] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00260030
.text C:\Windows\System32\igfxtray.exe[1904] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0026006C
.text C:\Windows\System32\igfxtray.exe[1904] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0027006C
.text C:\Windows\System32\igfxtray.exe[1904] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 002700A8
.text C:\Windows\System32\igfxtray.exe[1904] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 002701D4
.text C:\Windows\System32\igfxtray.exe[1904] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 002700E4
.text C:\Windows\System32\igfxtray.exe[1904] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00270120
.text C:\Windows\System32\igfxtray.exe[1904] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0027015C
.text C:\Windows\System32\igfxtray.exe[1904] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00270198
.text C:\Windows\System32\igfxtray.exe[1904] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00270030
.text C:\Windows\System32\hkcmd.exe[1920] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00140030
.text C:\Windows\System32\hkcmd.exe[1920] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0014006C
.text C:\Windows\System32\hkcmd.exe[1920] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001600A8 .text C:\Windows\System32\hkcmd.exe[1920] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001600E4 .text C:\Windows\System32\hkcmd.exe[1920] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00160120 .text C:\Windows\System32\hkcmd.exe[1920] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00160030 .text C:\Windows\System32\hkcmd.exe[1920] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0016006C .text C:\Windows\System32\hkcmd.exe[1920] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0017006C .text C:\Windows\System32\hkcmd.exe[1920] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 001700A8 .text C:\Windows\System32\hkcmd.exe[1920] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 001701D4 .text C:\Windows\System32\hkcmd.exe[1920] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 001700E4 .text C:\Windows\System32\hkcmd.exe[1920] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00170120 .text C:\Windows\System32\hkcmd.exe[1920] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0017015C .text C:\Windows\System32\hkcmd.exe[1920] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00170198 .text C:\Windows\System32\hkcmd.exe[1920] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00170030 .text C:\Windows\System32\igfxpers.exe[1940] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00140030 .text C:\Windows\System32\igfxpers.exe[1940] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0014006C .text C:\Windows\System32\igfxpers.exe[1940] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001600A8 .text C:\Windows\System32\igfxpers.exe[1940] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001600E4 .text C:\Windows\System32\igfxpers.exe[1940] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00160120 .text C:\Windows\System32\igfxpers.exe[1940] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00160030 .text C:\Windows\System32\igfxpers.exe[1940] 
USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0016006C .text C:\Windows\System32\igfxpers.exe[1940] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0017006C .text C:\Windows\System32\igfxpers.exe[1940] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 001700A8 .text C:\Windows\System32\igfxpers.exe[1940] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 001701D4 .text C:\Windows\System32\igfxpers.exe[1940] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 001700E4 .text C:\Windows\System32\igfxpers.exe[1940] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00170120 .text C:\Windows\System32\igfxpers.exe[1940] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0017015C .text C:\Windows\System32\igfxpers.exe[1940] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00170198 .text C:\Windows\System32\igfxpers.exe[1940] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00170030 .text C:\Windows\RtHDVCpl.exe[1948] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00150030 .text C:\Windows\RtHDVCpl.exe[1948] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0015006C .text C:\Windows\RtHDVCpl.exe[1948] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0017006C .text C:\Windows\RtHDVCpl.exe[1948] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 001700A8 .text C:\Windows\RtHDVCpl.exe[1948] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 001701D4 .text C:\Windows\RtHDVCpl.exe[1948] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 001700E4 .text C:\Windows\RtHDVCpl.exe[1948] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00170120 .text C:\Windows\RtHDVCpl.exe[1948] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0017015C .text C:\Windows\RtHDVCpl.exe[1948] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00170198 .text C:\Windows\RtHDVCpl.exe[1948] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00170030 .text C:\Windows\RtHDVCpl.exe[1948] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001800A8 .text 
C:\Windows\RtHDVCpl.exe[1948] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001800E4 .text C:\Windows\RtHDVCpl.exe[1948] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00180120 .text C:\Windows\RtHDVCpl.exe[1948] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00180030 .text C:\Windows\RtHDVCpl.exe[1948] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0018006C .text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1956] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00150030 .text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1956] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0015006C .text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1956] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 00C4006C .text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1956] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 00C400A8 .text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1956] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 00C401D4 .text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1956] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 00C400E4 .text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1956] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00C40120 .text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1956] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 00C4015C .text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1956] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00C40198 .text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1956] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00C40030 .text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1956] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 00C500A8 .text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1956] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 00C500E4 .text C:\Acer\Empowering 
Technology\eDataSecurity\eDSloader.exe[1956] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00C50120 .text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1956] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00C50030 .text C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe[1956] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 00C5006C .text C:\Acer\Empowering Technology\eDSMSNfix.exe[1968] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00150030 .text C:\Acer\Empowering Technology\eDSMSNfix.exe[1968] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0015006C .text C:\Acer\Empowering Technology\eDSMSNfix.exe[1968] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001700A8 .text C:\Acer\Empowering Technology\eDSMSNfix.exe[1968] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001700E4 .text C:\Acer\Empowering Technology\eDSMSNfix.exe[1968] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00170120 .text C:\Acer\Empowering Technology\eDSMSNfix.exe[1968] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00170030 .text C:\Acer\Empowering Technology\eDSMSNfix.exe[1968] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0017006C .text C:\Acer\Empowering Technology\eDSMSNfix.exe[1968] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0018006C .text C:\Acer\Empowering Technology\eDSMSNfix.exe[1968] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 001800A8 .text C:\Acer\Empowering Technology\eDSMSNfix.exe[1968] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 001801D4 .text C:\Acer\Empowering Technology\eDSMSNfix.exe[1968] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 001800E4 .text C:\Acer\Empowering Technology\eDSMSNfix.exe[1968] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00180120 .text C:\Acer\Empowering Technology\eDSMSNfix.exe[1968] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0018015C .text C:\Acer\Empowering Technology\eDSMSNfix.exe[1968] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00180198 .text 
C:\Acer\Empowering Technology\eDSMSNfix.exe[1968] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00180030 .text C:\Program Files\Launch Manager\LManager.exe[1976] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00150030 .text C:\Program Files\Launch Manager\LManager.exe[1976] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0015006C .text C:\Program Files\Launch Manager\LManager.exe[1976] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 003200A8 .text C:\Program Files\Launch Manager\LManager.exe[1976] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 003200E4 .text C:\Program Files\Launch Manager\LManager.exe[1976] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00320120 .text C:\Program Files\Launch Manager\LManager.exe[1976] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00320030 .text C:\Program Files\Launch Manager\LManager.exe[1976] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0032006C .text C:\Program Files\Launch Manager\LManager.exe[1976] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0033006C .text C:\Program Files\Launch Manager\LManager.exe[1976] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 003300A8 .text C:\Program Files\Launch Manager\LManager.exe[1976] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 003301D4 .text C:\Program Files\Launch Manager\LManager.exe[1976] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 003300E4 .text C:\Program Files\Launch Manager\LManager.exe[1976] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00330120 .text C:\Program Files\Launch Manager\LManager.exe[1976] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0033015C .text C:\Program Files\Launch Manager\LManager.exe[1976] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00330198 .text C:\Program Files\Launch Manager\LManager.exe[1976] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00330030 .text C:\Users\Acer\Downloads\8uiklu87.exe[1988] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00150030 .text 
C:\Users\Acer\Downloads\8uiklu87.exe[1988] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0015006C .text C:\Users\Acer\Downloads\8uiklu87.exe[1988] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0034006C .text C:\Users\Acer\Downloads\8uiklu87.exe[1988] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 003400A8 .text C:\Users\Acer\Downloads\8uiklu87.exe[1988] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 003401D4 .text C:\Users\Acer\Downloads\8uiklu87.exe[1988] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 003400E4 .text C:\Users\Acer\Downloads\8uiklu87.exe[1988] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00340120 .text C:\Users\Acer\Downloads\8uiklu87.exe[1988] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0034015C .text C:\Users\Acer\Downloads\8uiklu87.exe[1988] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00340198 .text C:\Users\Acer\Downloads\8uiklu87.exe[1988] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00340030 .text C:\Users\Acer\Downloads\8uiklu87.exe[1988] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 003500A8 .text C:\Users\Acer\Downloads\8uiklu87.exe[1988] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 003500E4 .text C:\Users\Acer\Downloads\8uiklu87.exe[1988] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00350120 .text C:\Users\Acer\Downloads\8uiklu87.exe[1988] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00350030 .text C:\Users\Acer\Downloads\8uiklu87.exe[1988] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0035006C .text C:\Windows\system32\taskeng.exe[2016] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00050030 .text C:\Windows\system32\taskeng.exe[2016] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0005006C .text C:\Windows\system32\taskeng.exe[2016] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0008006C .text C:\Windows\system32\taskeng.exe[2016] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000800A8 .text C:\Windows\system32\taskeng.exe[2016] 
ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000801D4 .text C:\Windows\system32\taskeng.exe[2016] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000800E4 .text C:\Windows\system32\taskeng.exe[2016] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00080120 .text C:\Windows\system32\taskeng.exe[2016] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0008015C .text C:\Windows\system32\taskeng.exe[2016] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00080198 .text C:\Windows\system32\taskeng.exe[2016] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00080030 .text C:\Windows\system32\taskeng.exe[2016] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000900A8 .text C:\Windows\system32\taskeng.exe[2016] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000900E4 .text C:\Windows\system32\taskeng.exe[2016] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00090120 .text C:\Windows\system32\taskeng.exe[2016] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00090030 .text C:\Windows\system32\taskeng.exe[2016] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0009006C .text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2160] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00160030 .text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2160] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0016006C .text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2160] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 002800A8 .text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2160] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 002800E4 .text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2160] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00280120 .text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2160] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00280030 .text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2160] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0028006C .text C:\Acer\Empowering 
Technology\eRecovery\ERAGENT.EXE[2160] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0029006C .text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2160] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 002900A8 .text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2160] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 002901D4 .text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2160] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 002900E4 .text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2160] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00290120 .text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2160] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0029015C .text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2160] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00290198 .text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2160] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00290030 .text C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe[2248] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00150030 .text C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe[2248] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0015006C .text C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe[2248] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0018006C .text C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe[2248] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 001800A8 .text C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe[2248] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 001801D4 .text C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe[2248] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 001800E4 .text C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe[2248] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00180120 .text C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe[2248] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0018015C .text C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe[2248] 
ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00180198 .text C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe[2248] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00180030 .text C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe[2248] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001900A8 .text C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe[2248] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001900E4 .text C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe[2248] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00190120 .text C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe[2248] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00190030 .text C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe[2248] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0019006C .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2316] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00040030 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2316] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0004006C .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2316] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0006006C .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2316] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000600A8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2316] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000601D4 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2316] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000600E4 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2316] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00060120 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2316] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0006015C .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2316] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00060198 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2316] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00060030 
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2316] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000700A8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2316] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000700E4 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2316] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00070120 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2316] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00070030 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2316] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0007006C .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2524] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00090030 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2524] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0009006C .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2524] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 000B006C .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2524] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000B00A8 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2524] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000B01D4 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2524] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000B00E4 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2524] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 000B0120 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2524] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 000B015C .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2524] 
ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 000B0198 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2524] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 000B0030 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2524] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000C00A8 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2524] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000C00E4 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2524] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 000C0120 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2524] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 000C0030 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2524] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 000C006C .text C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe[2564] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00150030 .text C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe[2564] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0015006C .text C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe[2564] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0026006C .text C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe[2564] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 002600A8 .text C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe[2564] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 002601D4 .text C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe[2564] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 002600E4 .text C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe[2564] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00260120 .text C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe[2564] 
ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0026015C .text C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe[2564] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00260198 .text C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe[2564] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00260030 .text C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe[2564] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 002700A8 .text C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe[2564] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 002700E4 .text C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe[2564] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00270120 .text C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe[2564] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00270030 .text C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe[2564] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0027006C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2752] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00150030 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2752] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0015006C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2752] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001900A8 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2752] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001900E4 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2752] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00190120 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2752] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00190030 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2752] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0019006C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2752] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 001B006C .text C:\Program Files\Common 
Files\LightScribe\LSSrvc.exe[2752] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 001B00A8 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2752] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 001B01D4 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2752] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 001B00E4 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2752] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 001B0120 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2752] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 001B015C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2752] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 001B0198 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2752] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 001B0030 .text C:\Windows\system32\svchost.exe[2840] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00090030 .text C:\Windows\system32\svchost.exe[2840] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0009006C .text C:\Windows\system32\svchost.exe[2840] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 000B006C .text C:\Windows\system32\svchost.exe[2840] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000B00A8 .text C:\Windows\system32\svchost.exe[2840] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000B01D4 .text C:\Windows\system32\svchost.exe[2840] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000B00E4 .text C:\Windows\system32\svchost.exe[2840] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 000B0120 .text C:\Windows\system32\svchost.exe[2840] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 000B015C .text C:\Windows\system32\svchost.exe[2840] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 000B0198 .text C:\Windows\system32\svchost.exe[2840] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 000B0030 .text C:\Windows\system32\svchost.exe[2840] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes 
JMP 006700A8 .text C:\Windows\system32\svchost.exe[2840] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 006700E4 .text C:\Windows\system32\svchost.exe[2840] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00670120 .text C:\Windows\system32\svchost.exe[2840] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00670030 .text C:\Windows\system32\svchost.exe[2840] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0067006C .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2864] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00140030 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2864] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0014006C .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2864] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001600A8 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2864] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001600E4 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2864] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00160120 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2864] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00160030 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2864] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0016006C .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2864] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0017006C .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2864] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 001700A8 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2864] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 001701D4 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2864] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 001700E4 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2864] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00170120 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2864] 
ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0017015C .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2864] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00170198 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2864] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00170030 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2896] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00090030 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2896] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0009006C .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2896] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 000B006C .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2896] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000B00A8 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2896] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000B01D4 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2896] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000B00E4 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2896] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 000B0120 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2896] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 000B015C .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2896] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 000B0198 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2896] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 000B0030 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2952] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 000D0030 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2952] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 000D006C .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2952] 
ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 000F006C .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2952] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000F00A8 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2952] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000F01D4 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2952] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000F00E4 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2952] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 000F0120 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2952] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 000F015C .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2952] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 000F0198 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2952] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 000F0030 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2952] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001000A8 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2952] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001000E4 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2952] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00100120 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2952] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00100030 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2952] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0010006C .text C:\Windows\system32\svchost.exe[2984] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[2984] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[2984] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0008006C .text 
C:\Windows\system32\svchost.exe[2984] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000800A8 .text C:\Windows\system32\svchost.exe[2984] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000801D4 .text C:\Windows\system32\svchost.exe[2984] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000800E4 .text C:\Windows\system32\svchost.exe[2984] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00080120 .text C:\Windows\system32\svchost.exe[2984] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0008015C .text C:\Windows\system32\svchost.exe[2984] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00080198 .text C:\Windows\system32\svchost.exe[2984] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00080030 .text C:\Windows\System32\svchost.exe[3012] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00050030 .text C:\Windows\System32\svchost.exe[3012] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0005006C .text C:\Windows\System32\svchost.exe[3012] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0007006C .text C:\Windows\System32\svchost.exe[3012] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000700A8 .text C:\Windows\System32\svchost.exe[3012] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000701D4 .text C:\Windows\System32\svchost.exe[3012] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000700E4 .text C:\Windows\System32\svchost.exe[3012] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00070120 .text C:\Windows\System32\svchost.exe[3012] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0007015C .text C:\Windows\System32\svchost.exe[3012] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070198 .text C:\Windows\System32\svchost.exe[3012] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00070030 .text C:\Windows\system32\SearchIndexer.exe[3032] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00050030 .text C:\Windows\system32\SearchIndexer.exe[3032] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0005006C .text 
C:\Windows\system32\SearchIndexer.exe[3032] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\SearchIndexer.exe[3032] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\SearchIndexer.exe[3032] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\SearchIndexer.exe[3032] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\SearchIndexer.exe[3032] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00070120 .text C:\Windows\system32\SearchIndexer.exe[3032] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0007015C .text C:\Windows\system32\SearchIndexer.exe[3032] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070198 .text C:\Windows\system32\SearchIndexer.exe[3032] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00070030 .text C:\Windows\system32\SearchIndexer.exe[3032] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000800A8 .text C:\Windows\system32\SearchIndexer.exe[3032] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000800E4 .text C:\Windows\system32\SearchIndexer.exe[3032] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00080120 .text C:\Windows\system32\SearchIndexer.exe[3032] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00080030 .text C:\Windows\system32\SearchIndexer.exe[3032] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0008006C .text C:\Windows\system32\WUDFHost.exe[3136] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00050030 .text C:\Windows\system32\WUDFHost.exe[3136] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0005006C .text C:\Windows\system32\WUDFHost.exe[3136] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\WUDFHost.exe[3136] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\WUDFHost.exe[3136] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\WUDFHost.exe[3136] 
ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\WUDFHost.exe[3136] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00070120 .text C:\Windows\system32\WUDFHost.exe[3136] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0007015C .text C:\Windows\system32\WUDFHost.exe[3136] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070198 .text C:\Windows\system32\WUDFHost.exe[3136] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00070030 .text C:\Windows\system32\WUDFHost.exe[3136] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000B00A8 .text C:\Windows\system32\WUDFHost.exe[3136] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000B00E4 .text C:\Windows\system32\WUDFHost.exe[3136] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 000B0120 .text C:\Windows\system32\WUDFHost.exe[3136] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 000B0030 .text C:\Windows\system32\WUDFHost.exe[3136] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 000B006C .text C:\Windows\system32\DRIVERS\xaudio.exe[3156] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00140030 .text C:\Windows\system32\DRIVERS\xaudio.exe[3156] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0014006C .text C:\Windows\system32\DRIVERS\xaudio.exe[3156] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0016006C .text C:\Windows\system32\DRIVERS\xaudio.exe[3156] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 001600A8 .text C:\Windows\system32\DRIVERS\xaudio.exe[3156] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 001601D4 .text C:\Windows\system32\DRIVERS\xaudio.exe[3156] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 001600E4 .text C:\Windows\system32\DRIVERS\xaudio.exe[3156] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00160120 .text C:\Windows\system32\DRIVERS\xaudio.exe[3156] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0016015C .text C:\Windows\system32\DRIVERS\xaudio.exe[3156] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 3 
Bytes JMP 00160198 .text C:\Windows\system32\DRIVERS\xaudio.exe[3156] ADVAPI32.dll!ChangeServiceConfig2W + 4 779571E5 1 Byte [88] .text C:\Windows\system32\DRIVERS\xaudio.exe[3156] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00160030 .text C:\Windows\system32\DRIVERS\xaudio.exe[3156] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001700A8 .text C:\Windows\system32\DRIVERS\xaudio.exe[3156] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001700E4 .text C:\Windows\system32\DRIVERS\xaudio.exe[3156] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00170120 .text C:\Windows\system32\DRIVERS\xaudio.exe[3156] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00170030 .text C:\Windows\system32\DRIVERS\xaudio.exe[3156] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0017006C .text C:\Windows\system32\igfxsrvc.exe[3328] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00140030 .text C:\Windows\system32\igfxsrvc.exe[3328] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0014006C .text C:\Windows\system32\igfxsrvc.exe[3328] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001600A8 .text C:\Windows\system32\igfxsrvc.exe[3328] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001600E4 .text C:\Windows\system32\igfxsrvc.exe[3328] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00160120 .text C:\Windows\system32\igfxsrvc.exe[3328] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00160030 .text C:\Windows\system32\igfxsrvc.exe[3328] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0016006C .text C:\Windows\system32\igfxsrvc.exe[3328] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0017006C .text C:\Windows\system32\igfxsrvc.exe[3328] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 001700A8 .text C:\Windows\system32\igfxsrvc.exe[3328] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 001701D4 .text C:\Windows\system32\igfxsrvc.exe[3328] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 001700E4 .text C:\Windows\system32\igfxsrvc.exe[3328] 
ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00170120 .text C:\Windows\system32\igfxsrvc.exe[3328] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0017015C .text C:\Windows\system32\igfxsrvc.exe[3328] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00170198 .text C:\Windows\system32\igfxsrvc.exe[3328] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00170030 .text C:\Windows\system32\igfxext.exe[3356] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00140030 .text C:\Windows\system32\igfxext.exe[3356] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0014006C .text C:\Windows\system32\igfxext.exe[3356] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001600A8 .text C:\Windows\system32\igfxext.exe[3356] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001600E4 .text C:\Windows\system32\igfxext.exe[3356] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00160120 .text C:\Windows\system32\igfxext.exe[3356] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00160030 .text C:\Windows\system32\igfxext.exe[3356] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0016006C .text C:\Windows\system32\igfxext.exe[3356] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0017006C .text C:\Windows\system32\igfxext.exe[3356] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 001700A8 .text C:\Windows\system32\igfxext.exe[3356] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 001701D4 .text C:\Windows\system32\igfxext.exe[3356] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 001700E4 .text C:\Windows\system32\igfxext.exe[3356] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00170120 .text C:\Windows\system32\igfxext.exe[3356] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0017015C .text C:\Windows\system32\igfxext.exe[3356] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00170198 .text C:\Windows\system32\igfxext.exe[3356] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00170030 .text C:\Windows\system32\wbem\wmiprvse.exe[3648] 
ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00050030 .text C:\Windows\system32\wbem\wmiprvse.exe[3648] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0005006C .text C:\Windows\system32\wbem\wmiprvse.exe[3648] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\wbem\wmiprvse.exe[3648] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\wbem\wmiprvse.exe[3648] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\wbem\wmiprvse.exe[3648] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\wbem\wmiprvse.exe[3648] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00070120 .text C:\Windows\system32\wbem\wmiprvse.exe[3648] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0007015C .text C:\Windows\system32\wbem\wmiprvse.exe[3648] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070198 .text C:\Windows\system32\wbem\wmiprvse.exe[3648] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00070030 .text C:\Windows\system32\wbem\wmiprvse.exe[3648] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000800A8 .text C:\Windows\system32\wbem\wmiprvse.exe[3648] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000800E4 .text C:\Windows\system32\wbem\wmiprvse.exe[3648] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00080120 .text C:\Windows\system32\wbem\wmiprvse.exe[3648] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00080030 .text C:\Windows\system32\wbem\wmiprvse.exe[3648] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0008006C .text C:\Windows\system32\wbem\wmiprvse.exe[3840] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00050030 .text C:\Windows\system32\wbem\wmiprvse.exe[3840] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0005006C .text C:\Windows\system32\wbem\wmiprvse.exe[3840] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\wbem\wmiprvse.exe[3840] ADVAPI32.dll!DeleteService 7791A07E 5 
Bytes JMP 000700A8 .text C:\Windows\system32\wbem\wmiprvse.exe[3840] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\wbem\wmiprvse.exe[3840] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\wbem\wmiprvse.exe[3840] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00070120 .text C:\Windows\system32\wbem\wmiprvse.exe[3840] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0007015C .text C:\Windows\system32\wbem\wmiprvse.exe[3840] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070198 .text C:\Windows\system32\wbem\wmiprvse.exe[3840] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00070030 .text C:\Windows\system32\wbem\wmiprvse.exe[3840] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000800A8 .text C:\Windows\system32\wbem\wmiprvse.exe[3840] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000800E4 .text C:\Windows\system32\wbem\wmiprvse.exe[3840] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00080120 .text C:\Windows\system32\wbem\wmiprvse.exe[3840] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00080030 .text C:\Windows\system32\wbem\wmiprvse.exe[3840] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0008006C .text C:\Windows\system32\wbem\unsecapp.exe[3928] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00050030 .text C:\Windows\system32\wbem\unsecapp.exe[3928] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0005006C .text C:\Windows\system32\wbem\unsecapp.exe[3928] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\wbem\unsecapp.exe[3928] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\wbem\unsecapp.exe[3928] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\wbem\unsecapp.exe[3928] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\wbem\unsecapp.exe[3928] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes 
JMP 00070120 .text C:\Windows\system32\wbem\unsecapp.exe[3928] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0007015C .text C:\Windows\system32\wbem\unsecapp.exe[3928] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070198 .text C:\Windows\system32\wbem\unsecapp.exe[3928] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00070030 .text C:\Windows\system32\wbem\unsecapp.exe[3928] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000800A8 .text C:\Windows\system32\wbem\unsecapp.exe[3928] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000800E4 .text C:\Windows\system32\wbem\unsecapp.exe[3928] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00080120 .text C:\Windows\system32\wbem\unsecapp.exe[3928] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00080030 .text C:\Windows\system32\wbem\unsecapp.exe[3928] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0008006C .text C:\Windows\system32\taskeng.exe[4084] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00050030 .text C:\Windows\system32\taskeng.exe[4084] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0005006C .text C:\Windows\system32\taskeng.exe[4084] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\taskeng.exe[4084] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\taskeng.exe[4084] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\taskeng.exe[4084] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\taskeng.exe[4084] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00070120 .text C:\Windows\system32\taskeng.exe[4084] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0007015C .text C:\Windows\system32\taskeng.exe[4084] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070198 .text C:\Windows\system32\taskeng.exe[4084] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00070030 .text C:\Windows\system32\taskeng.exe[4084] 
USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000800A8 .text C:\Windows\system32\taskeng.exe[4084] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000800E4 .text C:\Windows\system32\taskeng.exe[4084] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00080120 .text C:\Windows\system32\taskeng.exe[4084] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00080030 .text C:\Windows\system32\taskeng.exe[4084] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0008006C .text C:\Windows\system32\svchost.exe[4396] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[4396] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[4396] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\svchost.exe[4396] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\svchost.exe[4396] ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\svchost.exe[4396] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\svchost.exe[4396] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00070120 .text C:\Windows\system32\svchost.exe[4396] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0007015C .text C:\Windows\system32\svchost.exe[4396] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00070198 .text C:\Windows\system32\svchost.exe[4396] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00070030 .text C:\Windows\servicing\TrustedInstaller.exe[5896] ntdll.dll!LdrLoadDll 779C93A8 5 Bytes JMP 00040030 .text C:\Windows\servicing\TrustedInstaller.exe[5896] ntdll.dll!LdrUnloadDll 779DB740 5 Bytes JMP 0004006C .text C:\Windows\servicing\TrustedInstaller.exe[5896] ADVAPI32.dll!CreateServiceW 77919EB4 5 Bytes JMP 0006006C .text C:\Windows\servicing\TrustedInstaller.exe[5896] ADVAPI32.dll!DeleteService 7791A07E 5 Bytes JMP 000600A8 .text C:\Windows\servicing\TrustedInstaller.exe[5896] 
ADVAPI32.dll!SetServiceObjectSecurity 77956CD9 5 Bytes JMP 000601D4 .text C:\Windows\servicing\TrustedInstaller.exe[5896] ADVAPI32.dll!ChangeServiceConfigA 77956DD9 5 Bytes JMP 000600E4 .text C:\Windows\servicing\TrustedInstaller.exe[5896] ADVAPI32.dll!ChangeServiceConfigW 77956F81 5 Bytes JMP 00060120 .text C:\Windows\servicing\TrustedInstaller.exe[5896] ADVAPI32.dll!ChangeServiceConfig2A 77957099 5 Bytes JMP 0006015C .text C:\Windows\servicing\TrustedInstaller.exe[5896] ADVAPI32.dll!ChangeServiceConfig2W 779571E1 5 Bytes JMP 00060198 .text C:\Windows\servicing\TrustedInstaller.exe[5896] ADVAPI32.dll!CreateServiceA 779572A1 5 Bytes JMP 00060030 .text C:\Windows\servicing\TrustedInstaller.exe[5896] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000700A8 .text C:\Windows\servicing\TrustedInstaller.exe[5896] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000700E4 .text C:\Windows\servicing\TrustedInstaller.exe[5896] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00070120 .text C:\Windows\servicing\TrustedInstaller.exe[5896] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00070030 .text C:\Windows\servicing\TrustedInstaller.exe[5896] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0007006C ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[1696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [748A7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [748FA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [748ABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft 
GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7489F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [748A75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7489E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [748D8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [748ADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7489FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7489FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748971CF] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7492CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [748CC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7489D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74896853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7489687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [748A2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp 
aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) ---- EOF - GMER 1.0.15 ----