GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-18 13:01:45
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD800BEVS-22RST0 rev.04.01G04
Running: xbbw43pr.exe; Driver: C:\DOCUME~1\ola\USTAWI~1\Temp\pwtdrpow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA8287202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA82EDD8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA82AB6C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA82897F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA8289848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA828995E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA82AB075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA8289746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA8289898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA828979A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA828990C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA8287226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA82ABD87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast!
Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA82AC03D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA8289BE2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA82ABBF2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA82ABA5D] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA82EDE3C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA8286FF0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA828724A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA8289D56] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA8287CDA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA8289820] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA8289870] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA8289988] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA82AB3D1] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA8289772] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA8289A1A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA82898D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA82897C8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA8289AFE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA8289936] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA82EDED4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA82AB8D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA8287BA0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA82AB72A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA82F610E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA82AA6E8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA828726E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA8287292] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA828704A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA8287186] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA82ABE8E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA8287162] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA82871AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwVdmControl [0xA82872B6]

INT 0x62 ? 89A5CBF8
INT 0x63 ? 89649F00
INT 0x74 ? 89649F00
INT 0x82 ? 89A5CBF8
INT 0x84 ? 89649F00
INT 0x94 ? 89649F00
INT 0xA4 ? 89A5CBF8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA8303398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2694 80501ECC 4 Bytes [E8, A6, 2A, A8]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059B840 4 Bytes CALL A8288335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1CEE 5 Bytes JMP A82FED4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8B66 5 Bytes JMP A83007F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73F8 7 Bytes JMP A830339C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text ntkrnlpa.exe!ZwCallbackReturn + 2694 80501ECC 4 Bytes [E8, A6, 2A, A8]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059B840 4 Bytes CALL A8288335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1CEE 5 Bytes JMP A82FED4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8B66 5 Bytes JMP A83007F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73F8 7 Bytes JMP A830339C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
?
spor.sys Nie można odnaleźć określonego pliku. ! ? spor.sys Nie można odnaleźć określonego pliku. ! .text USBPORT.SYS!DllUnload B91F18AC 5 Bytes JMP 896494E0 .text USBPORT.SYS!DllUnload B91F18AC 5 Bytes JMP 896494E0 .text af4jnyui.SYS B8F89386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text af4jnyui.SYS B8F893AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text af4jnyui.SYS B8F893C4 3 Bytes [00, 80, 02] .text af4jnyui.SYS B8F893C9 1 Byte [30] .text af4jnyui.SYS B8F893C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL} .text ... .text win32k.sys!EngFreeUserMem + 674 BF8098FA 5 Bytes JMP A828ACA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF8138E9 5 Bytes JMP A828ABAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E BF81E750 5 Bytes JMP A8289E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetLastError + 763C BF82864E 5 Bytes JMP A8289F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + 698 BF838524 5 Bytes JMP A828AE0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + 674 BF8098FA 5 Bytes JMP A828ACA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF8138E9 5 Bytes JMP A828ABAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + BB6 BF838A42 5 Bytes JMP A828AB1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E BF81E750 5 Bytes JMP A8289E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + 3605 BF83B491 5 Bytes JMP A828B014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetLastError + 763C BF82864E 5 Bytes JMP A8289F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text .text win32k.sys!EngCreateBitmap + D99E BF84582A 5 Bytes JMP A8289FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + 698 BF838524 5 Bytes JMP A828AE0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text BF85277A 5 Bytes JMP A8289E58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + BB6 BF838A42 5 Bytes JMP A828AB1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + 3605 BF83B491 5 Bytes JMP A828B014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 23AD BF8738DF 5 Bytes JMP A828AD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + D99E BF84582A 5 Bytes JMP A8289FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBlt + 37BB BF878789 5 Bytes JMP A828ABD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text .text win32k.sys!EngGetCurrentCodePage + 413A BF890A50 5 Bytes JMP A828A2FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 4B2A .text win32k.sys!EngMultiByteToWideChar + 849D BF857CF7 5 Bytes JMP A828AF72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text BF8B36BA 5 Bytes JMP A828A180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 23AD BF8738DF 5 Bytes JMP A828AD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBlt + 37BB BF878789 5 Bytes JMP A828ABD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAlphaBlend + 9285 BF8C3136 5 Bytes JMP A828A03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 413A BF890A50 5 Bytes JMP A828A2FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_vGetBounds + 5039 BF8EDBA3 5 Bytes JMP A828A0AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text .text win32k.sys!PATHOBJ_vGetBounds + 52B9 BF8EDE23 5 Bytes JMP A828A0E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_vGetBounds + 74DF BF8F0049 5 Bytes JMP A8289D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 4BB5 BF8B3745 5 Bytes JMP A828A326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 19C1 BF912991 5 Bytes JMP A8289EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAlphaBlend + 9285 BF8C3136 5 Bytes JMP A828A03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_vGetBounds + 5039 .text win32k.sys!EngCreateClip + 2595 BF8EDBA3 5 Bytes JMP A828A0AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_vGetBounds + 52B9 BF8EDE23 5 Bytes JMP A828A0E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4EF4 BF915EC4 5 Bytes JMP A828A440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_vGetBounds + 74DF BF8F0049 5 Bytes JMP A8289D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 1931 BF943D27 5 Bytes JMP A828AECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 19C1 BF912991 5 Bytes JMP A8289EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 2595 BF913565 5 Bytes JMP A828A008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4EF4 BF915EC4 5 Bytes JMP A828A440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 1931 BF943D27 5 Bytes JMP A828AECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software)
C:\Program Files\CyberLink\PowerDVD\000.fcl entry point in "" section [0xA76C4000]
.clc C:\Program Files\CyberLink\PowerDVD\000.fcl unknown last section [0xA76C5000, 0x1000, 0x00000000]
C:\Program Files\CyberLink\PowerDVD\000.fcl entry point in "" section [0xA76C4000]
.clc C:\Program Files\CyberLink\PowerDVD\000.fcl unknown last section [0xA76C5000, 0x1000, 0x00000000]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\ctfmon.exe[224] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[224] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[224] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[224] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[224] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[224] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\ctfmon.exe[224]
ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600 .text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014 .text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804 .text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08 .text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C .text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10 .text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8 .text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC .text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600 .text C:\WINDOWS\system32\ctfmon.exe[224] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\ctfmon.exe[224] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\ctfmon.exe[224] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\ctfmon.exe[224] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\ctfmon.exe[224] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\system32\ctfmon.exe[224] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\WINDOWS\system32\ctfmon.exe[224] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\ctfmon.exe[224] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\ctfmon.exe[224] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\ctfmon.exe[224] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\ctfmon.exe[224] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text 
C:\WINDOWS\system32\ctfmon.exe[224] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\Program Files\Nowe Gadu-Gadu\gg.exe[236] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8 .text C:\Program Files\Nowe Gadu-Gadu\gg.exe[236] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Nowe Gadu-Gadu\gg.exe[236] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC .text C:\Program Files\Nowe Gadu-Gadu\gg.exe[236] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8 .text .text C:\Program Files\Nowe Gadu-Gadu\gg.exe[236] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Nowe Gadu-Gadu\gg.exe[236] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC .text C:\Program Files\Nowe Gadu-Gadu\gg.exe[236] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Nowe Gadu-Gadu\gg.exe[236] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 01EC1014 .text .text C:\Program Files\Nowe Gadu-Gadu\gg.exe[236] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 01EC1014 .text C:\Program Files\Nowe Gadu-Gadu\gg.exe[236] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 01EC0804 .text C:\Program Files\Nowe Gadu-Gadu\gg.exe[236] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 01EC0804 .text C:\Program Files\Nowe Gadu-Gadu\gg.exe[236] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 01EC0A08 .text C:\Program Files\Nowe Gadu-Gadu\gg.exe[236] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 01EC0C0C .text .text C:\Program Files\Nowe Gadu-Gadu\gg.exe[236] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 01EC0C0C .text C:\Program Files\Nowe Gadu-Gadu\gg.exe[236] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 01EC0E10 .text C:\Program Files\Nowe Gadu-Gadu\gg.exe[236] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 01EC0E10 .text C:\Program Files\Nowe Gadu-Gadu\gg.exe[236] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 01EC01F8 .text C:\Program 
Files\Nowe Gadu-Gadu\gg.exe[236] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 01EC03FC .text .text C:\Program Files\Nowe Gadu-Gadu\gg.exe[236] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 01EC03FC .text C:\Program Files\Nowe Gadu-Gadu\gg.exe[236] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 01EC0600 .text C:\Program Files\Nowe Gadu-Gadu\gg.exe[236] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01ED0804 .text C:\Program Files\Nowe Gadu-Gadu\gg.exe[236] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01ED0A08 .text C:\Program Files\Nowe Gadu-Gadu\gg.exe[236] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01ED0600 .text C:\Program Files\Nowe Gadu-Gadu\gg.exe[236] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 01ED01F8 .text C:\Program Files\Nowe Gadu-Gadu\gg.exe[236] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 01ED03FC .text C:\Program Files\Nowe Gadu-Gadu\gg.exe[236] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01ED0804 .text C:\Program Files\Nowe Gadu-Gadu\gg.exe[236] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01ED0A08 .text C:\Program Files\Nowe Gadu-Gadu\gg.exe[236] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01ED0600 .text C:\Program Files\Nowe Gadu-Gadu\gg.exe[236] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 01ED01F8 .text C:\Program Files\Nowe Gadu-Gadu\gg.exe[236] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 01ED03FC .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8 .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8 .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] 
ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] USER32.dll!SetWindowsHookExW 
7E37820F 5 Bytes JMP 003F0804 .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] USER32.dll!SetWinEventHook 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\DOCUME~1\ola\USTAWI~1\Temp\RtkBtMnt.exe[544] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\spoolsv.exe[572] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\spoolsv.exe[572] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text .text C:\WINDOWS\system32\spoolsv.exe[572] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\spoolsv.exe[572] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[572] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\spoolsv.exe[572] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[572] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[572] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\spoolsv.exe[572] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\spoolsv.exe[572] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\spoolsv.exe[572] 
ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\spoolsv.exe[572] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\spoolsv.exe[572] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\spoolsv.exe[572] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text .text C:\WINDOWS\system32\spoolsv.exe[572] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\spoolsv.exe[572] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\spoolsv.exe[572] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\spoolsv.exe[572] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\spoolsv.exe[572] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\spoolsv.exe[572] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\spoolsv.exe[572] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\spoolsv.exe[572] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\spoolsv.exe[572] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\spoolsv.exe[572] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\spoolsv.exe[572] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\spoolsv.exe[572] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\spoolsv.exe[572] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\spoolsv.exe[572] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\spoolsv.exe[572] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\spoolsv.exe[572] 
USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\spoolsv.exe[572] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\spoolsv.exe[572] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\Explorer.EXE[588] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\Explorer.EXE[588] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[588] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\Explorer.EXE[588] kernel32.dll!GetBinaryTypeW + 80 .text C:\WINDOWS\Explorer.EXE[588] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\Explorer.EXE[588] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[588] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\Explorer.EXE[588] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 004D1014 .text C:\WINDOWS\Explorer.EXE[588] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 004D0804 .text C:\WINDOWS\Explorer.EXE[588] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 004D0A08 .text C:\WINDOWS\Explorer.EXE[588] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 004D0C0C .text C:\WINDOWS\Explorer.EXE[588] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 004D0E10 .text C:\WINDOWS\Explorer.EXE[588] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004D01F8 .text C:\WINDOWS\Explorer.EXE[588] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004D03FC .text C:\WINDOWS\Explorer.EXE[588] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[588] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 004D1014 .text C:\WINDOWS\Explorer.EXE[588] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 004D0804 .text C:\WINDOWS\Explorer.EXE[588] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 004D0A08 .text C:\WINDOWS\Explorer.EXE[588] ADVAPI32.dll!DeleteService 
77E274B1 5 Bytes JMP 004D0600 .text C:\WINDOWS\Explorer.EXE[588] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 004D0C0C .text C:\WINDOWS\Explorer.EXE[588] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 004D0E10 .text C:\WINDOWS\Explorer.EXE[588] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004D01F8 .text C:\WINDOWS\Explorer.EXE[588] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004D03FC .text C:\WINDOWS\Explorer.EXE[588] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 004D0600 .text C:\WINDOWS\Explorer.EXE[588] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 004E0804 .text C:\WINDOWS\Explorer.EXE[588] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 004E0A08 .text C:\WINDOWS\Explorer.EXE[588] USER32.dll!SetWindowsHookExA .text C:\WINDOWS\Explorer.EXE[588] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 004E0804 .text C:\WINDOWS\Explorer.EXE[588] USER32.dll!UnhookWindowsHookEx 7E381211 5 Bytes JMP 004E0600 .text C:\WINDOWS\Explorer.EXE[588] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004E01F8 .text C:\WINDOWS\Explorer.EXE[588] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004E03FC .text C:\WINDOWS\Explorer.EXE[588] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 004E0600 .text C:\WINDOWS\Explorer.EXE[588] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004E01F8 .text C:\WINDOWS\Explorer.EXE[588] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004E03FC .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text 
C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!ChangeServiceConfig2A .text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!ChangeServiceConfigA 77E27101 5 Bytes JMP 00300C0C .text .text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!CreateServiceW 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!ChangeServiceConfig2W 77E273A9 5 Bytes JMP 003003FC .text .text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[844] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[844] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[844] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text 
C:\WINDOWS\system32\svchost.exe[844] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[844] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text .text C:\WINDOWS\system32\svchost.exe[844] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[844] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[844] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[844] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[908] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[908] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[908] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[908] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[916] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8 .text C:\WINDOWS\RTHDCPL.EXE[916] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[916] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC .text C:\WINDOWS\RTHDCPL.EXE[916] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[916] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014 .text C:\WINDOWS\RTHDCPL.EXE[916] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804 .text C:\WINDOWS\RTHDCPL.EXE[916] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08 .text C:\WINDOWS\RTHDCPL.EXE[916] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C .text .text C:\WINDOWS\RTHDCPL.EXE[916] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8 .text C:\WINDOWS\RTHDCPL.EXE[916] ntdll.dll!RtlDosSearchPath_U + 1D1 77E27189 5 Bytes 
JMP 003D0E10 .text C:\WINDOWS\RTHDCPL.EXE[916] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8 .text C:\WINDOWS\RTHDCPL.EXE[916] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC .text 7C9171CA 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[916] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600 .text C:\WINDOWS\RTHDCPL.EXE[916] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[916] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014 .text C:\WINDOWS\RTHDCPL.EXE[916] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804 .text C:\WINDOWS\RTHDCPL.EXE[916] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08 .text C:\WINDOWS\RTHDCPL.EXE[916] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C .text C:\WINDOWS\RTHDCPL.EXE[916] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10 .text C:\WINDOWS\RTHDCPL.EXE[916] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\WINDOWS\RTHDCPL.EXE[916] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\WINDOWS\RTHDCPL.EXE[916] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\WINDOWS\RTHDCPL.EXE[916] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8 .text C:\WINDOWS\RTHDCPL.EXE[916] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC .text C:\WINDOWS\RTHDCPL.EXE[916] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600 .text C:\WINDOWS\RTHDCPL.EXE[916] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\WINDOWS\RTHDCPL.EXE[916] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\RTHDCPL.EXE[916] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\WINDOWS\RTHDCPL.EXE[916] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\WINDOWS\RTHDCPL.EXE[916] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\WINDOWS\RTHDCPL.EXE[916] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 
003E01F8 .text C:\WINDOWS\RTHDCPL.EXE[916] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\System32\smss.exe[924] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\System32\smss.exe[924] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8 .text C:\Program Files\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe[952] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] USER32.dll!UnhookWindowsHookEx .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] USER32.dll!SetWindowsHookExW 7E37820F 
5 Bytes JMP 003F0804 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[952] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\Mozilla Firefox\firefox.exe[956] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[956] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[956] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC .text C:\Program Files\Mozilla Firefox\firefox.exe[956] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[956] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00701014 .text C:\Program Files\Mozilla Firefox\firefox.exe[956] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00700804 .text C:\Program Files\Mozilla Firefox\firefox.exe[956] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00700A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[956] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00700C0C .text C:\Program Files\Mozilla Firefox\firefox.exe[956] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00700E10 .text C:\Program Files\Mozilla Firefox\firefox.exe[956] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 007001F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[956] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 007003FC .text C:\Program Files\Mozilla Firefox\firefox.exe[956] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00700600 .text C:\Program Files\Mozilla Firefox\firefox.exe[956] ntdll.dll!LdrLoadDll 7C9163C3 5 
Bytes JMP 001501F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[956] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[956] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC .text C:\Program Files\Mozilla Firefox\firefox.exe[956] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text .text C:\Program Files\Mozilla Firefox\firefox.exe[956] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00701014 .text C:\Program Files\Mozilla Firefox\firefox.exe[956] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00700804 .text C:\Program Files\Mozilla Firefox\firefox.exe[956] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00700A08 .text .text C:\Program Files\Mozilla Firefox\firefox.exe[956] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00710A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[956] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00710600 .text C:\Program Files\Mozilla Firefox\firefox.exe[956] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00700C0C .text C:\Program Files\Mozilla Firefox\firefox.exe[956] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00700E10 .text C:\Program Files\Mozilla Firefox\firefox.exe[956] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 007001F8 .text .text C:\Program Files\Mozilla Firefox\firefox.exe[956] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 007003FC .text C:\Program Files\Mozilla Firefox\firefox.exe[956] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00700600 .text C:\Program Files\Mozilla Firefox\firefox.exe[956] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00710804 .text C:\Program Files\Mozilla Firefox\firefox.exe[956] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00710A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[956] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00710600 .text C:\Program Files\Mozilla Firefox\firefox.exe[956] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 
007101F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[956] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 007103FC .text C:\WINDOWS\system32\csrss.exe[980] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[980] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[980] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[980] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1008] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000701F8 .text C:\WINDOWS\system32\winlogon.exe[1008] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1008] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000703FC .text C:\WINDOWS\system32\winlogon.exe[1008] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1008] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000701F8 .text C:\WINDOWS\system32\winlogon.exe[1008] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1008] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000703FC .text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00581014 .text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00580804 .text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00580A08 .text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00580C0C .text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00580E10 .text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!CreateServiceA .text C:\WINDOWS\system32\winlogon.exe[1008] kernel32.dll!GetBinaryTypeW + 80 77E27211 5 Bytes JMP 005801F8 .text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!CreateServiceW 
77E273A9 5 Bytes JMP 005803FC .text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00580600 .text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00581014 .text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00580804 .text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00580A08 .text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00580C0C .text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00580E10 .text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 005801F8 .text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 005803FC .text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00580600 .text C:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00590804 .text C:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00590A08 .text C:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00590600 .text C:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005901F8 .text C:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005903FC .text C:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00590804 .text C:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00590A08 .text C:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00590600 .text C:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005901F8 .text C:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!UnhookWinEvent 
7E3818AC 5 Bytes JMP 005903FC .text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!ChangeServiceConfig2A .text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!ChangeServiceConfigA 77E27101 5 Bytes JMP 00300C0C .text .text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!ChangeServiceConfig2W 77E273A9 5 Bytes JMP 003003FC 
.text .text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\services.exe[1052] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\services.exe[1052] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\services.exe[1052] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\services.exe[1052] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\services.exe[1052] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\services.exe[1052] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\services.exe[1052] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\services.exe[1052] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\services.exe[1052] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\services.exe[1052] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\lsass.exe[1064] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\lsass.exe[1064] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1064] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1064] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\lsass.exe[1064] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1064] ntdll.dll!LdrUnloadDll 7C91738B 5 
Bytes JMP 000903FC .text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!ChangeServiceConfig2W .text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!GetBinaryTypeW + 80 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!UnhookWindowsHookEx .text C:\WINDOWS\system32\lsass.exe[1064] 
USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!SetWindowsHookExA 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!UnhookWinEvent 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\wuauclt.exe[1184] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\wuauclt.exe[1184] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[1184] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000A03FC .text C:\WINDOWS\system32\wuauclt.exe[1184] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[1184] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\wuauclt.exe[1184] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[1184] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000A03FC .text C:\WINDOWS\system32\wuauclt.exe[1184] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014 .text C:\WINDOWS\system32\wuauclt.exe[1184] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804 .text C:\WINDOWS\system32\wuauclt.exe[1184] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08 .text C:\WINDOWS\system32\wuauclt.exe[1184] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C .text .text C:\WINDOWS\system32\wuauclt.exe[1184] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10 .text 
C:\WINDOWS\system32\wuauclt.exe[1184] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8 .text C:\WINDOWS\system32\wuauclt.exe[1184] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC .text C:\WINDOWS\system32\wuauclt.exe[1184] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600 .text C:\WINDOWS\system32\wuauclt.exe[1184] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\wuauclt.exe[1184] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\wuauclt.exe[1184] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text .text C:\WINDOWS\system32\wuauclt.exe[1184] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014 .text C:\WINDOWS\system32\wuauclt.exe[1184] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804 .text C:\WINDOWS\system32\wuauclt.exe[1184] ADVAPI32.dll!ChangeServiceConfigW 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\wuauclt.exe[1184] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\system32\wuauclt.exe[1184] USER32.dll!UnhookWinEvent + 4 77E27001 5 Bytes JMP 00380A08 .text C:\WINDOWS\system32\wuauclt.exe[1184] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C .text C:\WINDOWS\system32\wuauclt.exe[1184] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10 .text C:\WINDOWS\system32\wuauclt.exe[1184] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8 .text C:\WINDOWS\system32\wuauclt.exe[1184] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC .text C:\WINDOWS\system32\wuauclt.exe[1184] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600 .text C:\WINDOWS\system32\wuauclt.exe[1184] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\wuauclt.exe[1184] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\wuauclt.exe[1184] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text 
C:\WINDOWS\system32\wuauclt.exe[1184] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\wuauclt.exe[1184] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\system32\wuauclt.exe[1184] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1212] USER32.dll!SetWindowsHookExW 
7E37820F 5 Bytes JMP 00310804 .text .text C:\WINDOWS\system32\svchost.exe[1212] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1212] USER32.dll!SetWindowsHookExA 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1212] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1212] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1212] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1212] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1212] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1236] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1236] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Common Files\Apple\Mobile Device 
Support\AppleMobileDeviceService.exe[1236] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1236] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1236] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1236] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1236] ADVAPI32.dll!SetServiceObjectSecurity 7C91738B 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1236] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1236] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1236] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1236] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1236] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1236] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1236] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1236] ADVAPI32.dll!SetServiceObjectSecurity 
77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1236] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1236] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1236] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1236] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1236] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1236] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1236] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1236] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1236] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1236] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1236] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1236] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\Common Files\Apple\Mobile Device 
Support\AppleMobileDeviceService.exe[1236] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1236] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1236] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1236] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1236] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text 
C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text .text C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text 
C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\svchost.exe[1320] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[1320] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1320] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[1320] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1320] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[1320] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[1320] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[1320] ADVAPI32.dll!DeleteService .text C:\WINDOWS\System32\svchost.exe[1320] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[1320] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1320] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[1320] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1320] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[1320] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 
00310A08 .text C:\WINDOWS\System32\svchost.exe[1320] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[1320] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[1320] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\svchost.exe[1320] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[1320] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[1320] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[1320] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[1320] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[1320] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[1320] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[1320] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[1320] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 
001503FC .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] USER32.dll!SetWindowsHookExW .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] ntdll.dll!LdrUnloadDll 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] 
kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text .text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1496] 
ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text .text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\Program Files\Bonjour\mDNSResponder.exe[1376] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text 
C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8 .text .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 
003E01F8 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text D:\Download\xbbw43pr.exe[1616] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 
.text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[1544] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text D:\Download\xbbw43pr.exe[1616] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1660] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[1660] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1660] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text D:\Download\xbbw43pr.exe[1616] kernel32.dll!GetBinaryTypeW + 80 .text C:\WINDOWS\System32\svchost.exe[1660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1660] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[1660] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[1660] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[1660] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[1660] 
ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[1660] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[1660] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[1660] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[1660] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[1660] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[1660] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[1660] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[1660] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\svchost.exe[1660] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[1660] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1660] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[1660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1660] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[1660] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[1660] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[1660] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[1660] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[1660] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[1660] ADVAPI32.dll!CreateServiceW 
77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[1660] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1840] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1660] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[1660] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[1660] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[1660] USER32.dll!SetWinEventHook .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1840] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1840] kernel32.dll!GetBinaryTypeW + 80 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[1660] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1840] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1840] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1840] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8 .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] 
ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8 .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] 
ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\oodag.exe[2200] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\oodag.exe[2200] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\oodag.exe[2200] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\oodag.exe[2200] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text .text C:\WINDOWS\system32\oodag.exe[2200] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text .text C:\WINDOWS\system32\oodag.exe[2200] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\oodag.exe[2200] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\oodag.exe[2200] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\oodag.exe[2200] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\oodag.exe[2200] ADVAPI32.dll!DeleteService 
77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe[1992] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\oodag.exe[2200] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\WINDOWS\system32\oodag.exe[2200] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\WINDOWS\system32\oodag.exe[2200] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\WINDOWS\system32\oodag.exe[2200] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\WINDOWS\system32\oodag.exe[2200] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\oodag.exe[2200] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\oodag.exe[2200] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\oodag.exe[2200] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\oodag.exe[2200] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\oodag.exe[2200] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\oodag.exe[2200] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\oodag.exe[2200] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\oodag.exe[2200] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C 
.text C:\WINDOWS\system32\oodag.exe[2200] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\oodag.exe[2200] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\oodag.exe[2200] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\oodag.exe[2200] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\System32\svchost.exe[2264] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[2264] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[2264] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[2264] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[2264] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[2264] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[2264] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\oodag.exe[2200] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\WINDOWS\system32\oodag.exe[2200] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text .text C:\WINDOWS\System32\svchost.exe[2264] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[2264] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\oodag.exe[2200] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\WINDOWS\system32\oodag.exe[2200] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\WINDOWS\system32\oodag.exe[2200] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\System32\svchost.exe[2264] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[2264] 
ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[2264] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[2264] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[2264] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[2264] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[2264] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\svchost.exe[2264] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[2264] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[2264] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[2264] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[2264] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[2264] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[2264] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[2264] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[2264] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[2264] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[2264] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[2264] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[2264] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[2264] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 
Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[2264] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[2264] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[2264] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[2336] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[2336] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2336] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[2336] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[2336] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[2336] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[2336] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text 
C:\WINDOWS\system32\svchost.exe[2336] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[2336] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[2336] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2336] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[2336] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] ntdll.dll!LdrLoadDll .text 7C9163C3 5 Bytes JMP 001501F8 .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2336] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[2336] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[2336] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[2336] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text 
C:\WINDOWS\system32\svchost.exe[2336] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00421014 .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00420804 .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00420A08 .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00420C0C .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00420E10 .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004201F8 .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004203FC .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00420600 .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00430804 .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00430A08 .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00430600 .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004301F8 .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004303FC .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8 .text C:\Program Files\Nowe 
Gadu-Gadu\spellchecker_gg.exe[2396] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\wuauclt.exe[2512] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\wuauclt.exe[2512] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[2512] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000A03FC .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[2512] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00421014 .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00420804 .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00420A08 .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00420C0C .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00420E10 .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004201F8 .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004203FC .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00420600 .text C:\WINDOWS\system32\wuauclt.exe[2512] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014 .text C:\WINDOWS\system32\wuauclt.exe[2512] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804 .text C:\WINDOWS\system32\wuauclt.exe[2512] 
ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08 .text C:\WINDOWS\system32\wuauclt.exe[2512] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C .text C:\WINDOWS\system32\wuauclt.exe[2512] ADVAPI32.dll!ChangeServiceConfig2W .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00430804 .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] USER32.dll!UnhookWindowsHookEx 77E27189 5 Bytes JMP 00380E10 .text C:\WINDOWS\system32\wuauclt.exe[2512] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8 .text C:\WINDOWS\system32\wuauclt.exe[2512] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC .text C:\WINDOWS\system32\wuauclt.exe[2512] ADVAPI32.dll!DeleteService .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00430600 .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004301F8 .text C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe[2396] USER32.dll!UnhookWinEvent 77E274B1 5 Bytes JMP 00380600 .text C:\WINDOWS\system32\wuauclt.exe[2512] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\wuauclt.exe[2512] ntdll.dll!RtlDosSearchPath_U + 1D1 .text C:\WINDOWS\system32\wuauclt.exe[2512] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\wuauclt.exe[2512] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\wuauclt.exe[2512] USER32.dll!SetWindowsHookExA 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[2512] ntdll.dll!LdrUnloadDll 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\wuauclt.exe[2512] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\wuauclt.exe[2512] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\system32\wuauclt.exe[2512] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 
Byte [82] .text C:\WINDOWS\system32\wuauclt.exe[2512] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[2512] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014 .text C:\WINDOWS\system32\wuauclt.exe[2512] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804 .text C:\WINDOWS\system32\wuauclt.exe[2512] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08 .text C:\WINDOWS\system32\wuauclt.exe[2512] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C .text C:\WINDOWS\system32\wuauclt.exe[2512] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10 .text C:\WINDOWS\system32\wuauclt.exe[2512] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8 .text C:\WINDOWS\system32\wuauclt.exe[2512] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC .text C:\WINDOWS\system32\wuauclt.exe[2512] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600 .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8 .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\wuauclt.exe[2512] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\wuauclt.exe[2512] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\wuauclt.exe[2512] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\wuauclt.exe[2512] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[2512] USER32.dll!UnhookWinEvent 
7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\system32\wuauclt.exe[2512] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] 
USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8 .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\HP\Digital Imaging\Smart Web 
Printing\hpswp_clipbook.exe[3320] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[3320] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB6042] spor.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EB6042] spor.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EB613E] spor.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EB613E] spor.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EB60C0] spor.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EB60C0] spor.sys IAT IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EB66D6] spor.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EB66D6] spor.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EC5B90] spor.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EC5B90] spor.sys IAT \SystemRoot\System32\Drivers\af4jnyui.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E IAT \SystemRoot\System32\Drivers\af4jnyui.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88 IAT \SystemRoot\System32\Drivers\af4jnyui.SYS[HAL.dll!KeGetCurrentIrql] 9E880000 IAT \SystemRoot\System32\Drivers\af4jnyui.SYS[HAL.dll!KfRaiseIrql] 00001CB1 IAT \SystemRoot\System32\Drivers\af4jnyui.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E IAT \SystemRoot\System32\Drivers\af4jnyui.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88 IAT \SystemRoot\System32\Drivers\af4jnyui.SYS[HAL.dll!KfLowerIrql] 0E798366 IAT \SystemRoot\System32\Drivers\af4jnyui.SYS[HAL.dll!HalGetInterruptVector] 74AAB000 IAT 
\SystemRoot\System32\Drivers\af4jnyui.SYS[HAL.dll!HalTranslateBusAddress] 8986C636 IAT \SystemRoot\System32\Drivers\af4jnyui.SYS[HAL.dll!KeGetCurrentIrql] 9E880000 IAT \SystemRoot\System32\Drivers\af4jnyui.SYS[HAL.dll!KfRaiseIrql] 00001CB1 IAT \SystemRoot\System32\Drivers\af4jnyui.SYS[HAL.dll!KfLowerIrql] 0E798366 IAT \SystemRoot\System32\Drivers\af4jnyui.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C IAT \SystemRoot\System32\Drivers\af4jnyui.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6 IAT \SystemRoot\System32\Drivers\af4jnyui.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000 IAT \SystemRoot\System32\Drivers\af4jnyui.SYS[HAL.dll!HalGetInterruptVector] 74AAB000 IAT \SystemRoot\System32\Drivers\af4jnyui.SYS[HAL.dll!HalTranslateBusAddress] 8986C636 IAT \SystemRoot\System32\Drivers\af4jnyui.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C IAT \SystemRoot\System32\Drivers\af4jnyui.SYS[HAL.dll!READ_PORT_USHORT] 001C9686 IAT \SystemRoot\System32\Drivers\af4jnyui.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200 IAT \SystemRoot\System32\Drivers\af4jnyui.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2 IAT \SystemRoot\System32\Drivers\af4jnyui.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6 IAT \SystemRoot\System32\Drivers\af4jnyui.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000 IAT \SystemRoot\System32\Drivers\af4jnyui.SYS[HAL.dll!READ_PORT_USHORT] 001C9686 IAT \SystemRoot\System32\Drivers\af4jnyui.SYS[WMILIB.SYS!WmiSystemControl] 8800001C IAT \SystemRoot\System32\Drivers\af4jnyui.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E IAT \SystemRoot\System32\Drivers\af4jnyui.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200 IAT \SystemRoot\System32\Drivers\af4jnyui.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2 IAT \SystemRoot\System32\Drivers\af4jnyui.SYS[WMILIB.SYS!WmiSystemControl] 8800001C IAT \SystemRoot\System32\Drivers\af4jnyui.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[1052] @ C:\WINDOWS\system32\services.exe 
[ADVAPI32.dll!CreateProcessAsUserW] 00630002 IAT C:\WINDOWS\system32\services.exe[1052] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00630000 IAT C:\WINDOWS\system32\services.exe[1052] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00630002 IAT C:\WINDOWS\system32\services.exe[1052] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00630000 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) Device \FileSystem\Ntfs \Ntfs 89A5B1F8 AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) Device \Driver\NetBT \Device\NetBT_Tcpip_{E267B205-A615-4E4D-8497-475B416F7355} 88FA81F8 AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) Device \Driver\NetBT \Device\NetBT_Tcpip_{BC2E43EA-2B7F-4631-95DE-D523A19CEACA} 88FA81F8 Device \Driver\usbuhci \Device\USBPDO-0 898811F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 89ACA1F8 Device \Driver\dmio \Device\DmControl\DmConfig 89ACA1F8 Device \Driver\dmio \Device\DmControl\DmPnP 89ACA1F8 Device \Driver\dmio \Device\DmControl\DmInfo 89ACA1F8 Device \Driver\usbuhci \Device\USBPDO-1 898811F8 Device \Driver\usbehci \Device\USBPDO-2 8963B1F8 Device \Driver\usbehci \Device\USBPDO-3 8963B1F8 Device \Driver\usbuhci \Device\USBPDO-4 898811F8 AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! 
TDI Filter Driver/AVAST Software) Device \Driver\usbuhci \Device\USBPDO-5 898811F8 Device \Driver\usbuhci \Device\USBPDO-6 898811F8 Device \Driver\Ftdisk \Device\HarddiskVolume1 89A5D1F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 89A5D1F8 Device \Driver\Cdrom \Device\CdRom0 89832500 Device \Driver\atapi \Device\Ide\IdePort0 [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Cdrom \Device\CdRom1 89832500 Device \Driver\sptd \Device\1423619652 spor.sys Device \Driver\NetBT \Device\NetBt_Wins_Export 88FA81F8 Device \Driver\PCI_PNP8402 \Device\0000004b spor.sys Device \Driver\NetBT \Device\NetbiosSmb 88FA81F8 AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! 
TDI Filter Driver/AVAST Software) Device \Driver\usbuhci \Device\USBFDO-0 898811F8 Device \Driver\usbuhci \Device\USBFDO-1 898811F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88FA21F8 Device \Driver\usbehci \Device\USBFDO-2 8963B1F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 88FA21F8 Device \Driver\usbuhci \Device\USBFDO-3 898811F8 Device \Driver\usbuhci \Device\USBFDO-4 898811F8 Device \Driver\Ftdisk \Device\FtControl 89A5D1F8 Device \Driver\usbuhci \Device\USBFDO-5 898811F8 Device \Driver\usbehci \Device\USBFDO-6 8963B1F8 Device \Driver\af4jnyui \Device\Scsi\af4jnyui1Port4Path0Target0Lun0 8961B500 Device \Driver\af4jnyui \Device\Scsi\af4jnyui1 8961B500 Device \FileSystem\Cdfs \Cdfs 89720500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x65 0x09 0x79 0xAD ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x71 0x0C 0x96 0x2E ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE7 0xA3 0x02 0xFB ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION
---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\ola\Dane aplikacji\HPAppData\ClipData.dat 0 bytes ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\ola\Ustawienia lokalne\Temp\plugtmp-268 0 bytes ---- EOF - GMER 1.0.15 ----