GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-11 15:53:15
Windows 5.1.2600 Dodatek Service Pack 3
Running: pxmkrol6.exe; Driver: H:\DOCUME~1\user\USTAWI~1\Temp\afrcrpog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB45B3202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB4619D8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB45D76C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB45B57F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB45B5848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB45B595E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB45D7075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB45B5746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB45B5898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB45B579A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB45B590C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB45B3226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB45D7D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB45D803D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB45B5BE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB45D7BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB45D7A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB4619E3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB45B2FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB45B324A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB45B5D56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB45B3CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB45B5820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB45B5870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB45B5988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB45D73D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB45B5772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB45B5A1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB45B58D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB45B57C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB45B5AFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB45B5936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB4619ED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB45D78D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB45B3BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB45D772A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB462210E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB45D66E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB45B326E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB45B3292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB45B304A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB45B3186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB45D7E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB45B3162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB45B31AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB45B32B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB462F398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CF4 80504590 2 Bytes [E2, 5B] {LOOP 0x5d}
.text ntkrnlpa.exe!ZwCallbackReturn + 2EE4 80504780 2 Bytes [0E, 21]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F14 805047B0 4 Bytes [E8, 66, 5D, B4]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL B45B4335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP B462AD4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP B462C7F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP B462F39C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text H:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB70593A0, 0x88C445, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF809962 5 Bytes JMP B45B6CA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813956 5 Bytes JMP B45B6BAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF824309 5 Bytes JMP B45B5F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828C73 5 Bytes JMP B45B6E0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316BE 5 Bytes JMP B45B7014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B68E BF83A0FC 5 Bytes JMP B45B6B1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF8519C5 5 Bytes JMP B45B5E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E554 5 Bytes JMP B45B6180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E5DF 5 Bytes JMP B45B6326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F852 5 Bytes JMP B45B5E58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5454 BF864C1E 5 Bytes JMP B45B6BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF873F63 5 Bytes JMP B45B62FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF8947C0 5 Bytes JMP B45B6D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF895298 5 Bytes JMP B45B6F72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89DBD8 5 Bytes JMP B45B5FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E0 BF8C2150 5 Bytes JMP B45B603E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA5B2 5 Bytes JMP B45B60AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA832 5 Bytes JMP B45B60E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC2A7 5 Bytes JMP B45B5D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19DF BF9133E5 5 Bytes JMP B45B5EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25B3 BF913FB9 5 Bytes JMP B45B6008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F12 BF916918 5 Bytes JMP B45B6440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 18FC BF94638A 5 Bytes JMP B45B6ECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text H:\Program Files\Java\jre6\bin\jqs.exe[164] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text H:\Program Files\Java\jre6\bin\jqs.exe[164] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text H:\Program Files\Java\jre6\bin\jqs.exe[164] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text H:\Program Files\Java\jre6\bin\jqs.exe[164] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text H:\Program Files\Java\jre6\bin\jqs.exe[164] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text H:\Program Files\Java\jre6\bin\jqs.exe[164] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text H:\Program Files\Java\jre6\bin\jqs.exe[164] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text H:\Program Files\Java\jre6\bin\jqs.exe[164] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text H:\Program Files\Java\jre6\bin\jqs.exe[164] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text H:\Program Files\Java\jre6\bin\jqs.exe[164] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text H:\Program Files\Java\jre6\bin\jqs.exe[164] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text H:\Program Files\Java\jre6\bin\jqs.exe[164] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text H:\Program Files\Java\jre6\bin\jqs.exe[164] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text H:\Program Files\Java\jre6\bin\jqs.exe[164] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text H:\Program Files\Java\jre6\bin\jqs.exe[164] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text H:\Program Files\Java\jre6\bin\jqs.exe[164] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text H:\Program Files\Java\jre6\bin\jqs.exe[164] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text H:\Program Files\Common Files\LightScribe\LSSrvc.exe[216] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text H:\Program Files\Common Files\LightScribe\LSSrvc.exe[216] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text H:\Program Files\Common Files\LightScribe\LSSrvc.exe[216] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text H:\Program Files\Common Files\LightScribe\LSSrvc.exe[216] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text H:\Program Files\Common Files\LightScribe\LSSrvc.exe[216] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00421014
.text H:\Program Files\Common Files\LightScribe\LSSrvc.exe[216] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00420804
.text H:\Program Files\Common Files\LightScribe\LSSrvc.exe[216] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00420A08
.text H:\Program Files\Common Files\LightScribe\LSSrvc.exe[216] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00420C0C
.text H:\Program Files\Common Files\LightScribe\LSSrvc.exe[216] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00420E10
.text H:\Program Files\Common Files\LightScribe\LSSrvc.exe[216] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004201F8
.text H:\Program Files\Common Files\LightScribe\LSSrvc.exe[216] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004203FC
.text H:\Program Files\Common Files\LightScribe\LSSrvc.exe[216] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00420600
.text H:\Program Files\Common Files\LightScribe\LSSrvc.exe[216] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00430804
.text H:\Program Files\Common Files\LightScribe\LSSrvc.exe[216] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00430A08
.text H:\Program Files\Common Files\LightScribe\LSSrvc.exe[216] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00430600
.text H:\Program Files\Common Files\LightScribe\LSSrvc.exe[216] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004301F8
.text H:\Program Files\Common Files\LightScribe\LSSrvc.exe[216] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004303FC
.text H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[228] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[228] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[228] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[228] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[228] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00650804
.text H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[228] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00650A08
.text H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[228] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00650600
.text H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[228] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 006501F8
.text H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[228] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 006503FC
.text H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[228] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00661014
.text H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[228] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00660804
.text H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[228] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00660A08
.text H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[228] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00660C0C
.text H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[228] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00660E10
.text H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[228] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 006601F8
.text H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[228] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 006603FC
.text H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[228] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00660600
.text H:\WINDOWS\system32\nvsvc32.exe[248] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text H:\WINDOWS\system32\nvsvc32.exe[248] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text H:\WINDOWS\system32\nvsvc32.exe[248] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text H:\WINDOWS\system32\nvsvc32.exe[248] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text H:\WINDOWS\system32\nvsvc32.exe[248] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text H:\WINDOWS\system32\nvsvc32.exe[248] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text H:\WINDOWS\system32\nvsvc32.exe[248] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text H:\WINDOWS\system32\nvsvc32.exe[248] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text H:\WINDOWS\system32\nvsvc32.exe[248] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text H:\WINDOWS\system32\nvsvc32.exe[248] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text H:\WINDOWS\system32\nvsvc32.exe[248] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text H:\WINDOWS\system32\nvsvc32.exe[248] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text H:\WINDOWS\system32\nvsvc32.exe[248] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text H:\WINDOWS\system32\nvsvc32.exe[248] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text H:\WINDOWS\system32\nvsvc32.exe[248] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text H:\WINDOWS\system32\nvsvc32.exe[248] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text H:\WINDOWS\system32\nvsvc32.exe[248] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text H:\Documents and Settings\user\Bluebirds\BlueBirds.exe[536] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text H:\Documents and Settings\user\Bluebirds\BlueBirds.exe[536] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text H:\Documents and Settings\user\Bluebirds\BlueBirds.exe[536] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text H:\Documents and Settings\user\Bluebirds\BlueBirds.exe[536] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text H:\Documents and Settings\user\Bluebirds\BlueBirds.exe[536] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text H:\Documents and Settings\user\Bluebirds\BlueBirds.exe[536] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text H:\Documents and Settings\user\Bluebirds\BlueBirds.exe[536] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text H:\Documents and Settings\user\Bluebirds\BlueBirds.exe[536] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text H:\Documents and Settings\user\Bluebirds\BlueBirds.exe[536] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text H:\Documents and Settings\user\Bluebirds\BlueBirds.exe[536] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text H:\Documents and Settings\user\Bluebirds\BlueBirds.exe[536] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text H:\Documents and Settings\user\Bluebirds\BlueBirds.exe[536] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text H:\Documents and Settings\user\Bluebirds\BlueBirds.exe[536] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text H:\Documents and Settings\user\Bluebirds\BlueBirds.exe[536] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text H:\Documents and Settings\user\Bluebirds\BlueBirds.exe[536] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text H:\Documents and Settings\user\Bluebirds\BlueBirds.exe[536] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text H:\Documents and Settings\user\Bluebirds\BlueBirds.exe[536] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text H:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[564] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text H:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[564] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text H:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[564] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text H:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[564] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text H:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[564] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text H:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[564] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text H:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[564] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text H:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[564] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text H:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[564] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text H:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[564] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text H:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[564] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text H:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[564] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text H:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[564] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text H:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[564] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text H:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[564] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text H:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[564] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text H:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[564] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text H:\WINDOWS\System32\smss.exe[652] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text H:\WINDOWS\system32\csrss.exe[728] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text H:\WINDOWS\system32\csrss.exe[728] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text H:\WINDOWS\system32\winlogon.exe[752] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text H:\WINDOWS\system32\winlogon.exe[752] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text H:\WINDOWS\system32\winlogon.exe[752] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text H:\WINDOWS\system32\winlogon.exe[752] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text H:\WINDOWS\system32\winlogon.exe[752] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text H:\WINDOWS\system32\winlogon.exe[752] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text H:\WINDOWS\system32\winlogon.exe[752] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text H:\WINDOWS\system32\winlogon.exe[752] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text H:\WINDOWS\system32\winlogon.exe[752] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text H:\WINDOWS\system32\winlogon.exe[752] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text H:\WINDOWS\system32\winlogon.exe[752] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text H:\WINDOWS\system32\winlogon.exe[752] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text H:\WINDOWS\system32\winlogon.exe[752] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text H:\WINDOWS\system32\winlogon.exe[752] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text H:\WINDOWS\system32\winlogon.exe[752] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text H:\WINDOWS\system32\winlogon.exe[752] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text H:\WINDOWS\system32\winlogon.exe[752] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text h:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[772] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text h:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[772] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text h:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[772] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text h:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[772] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text h:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[772] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00321014
.text h:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[772] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00320804
.text h:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[772] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00320A08
.text h:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[772] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00320C0C
.text h:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[772] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00320E10
.text h:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[772] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003201F8
.text h:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[772] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003203FC
.text h:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[772] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00320600
.text h:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[772] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00330804
.text h:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[772] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00330A08
.text h:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[772] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00330600
.text h:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[772] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003301F8
.text h:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[772] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003303FC
.text H:\WINDOWS\system32\services.exe[796] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text H:\WINDOWS\system32\services.exe[796] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text H:\WINDOWS\system32\services.exe[796] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text H:\WINDOWS\system32\services.exe[796] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text H:\WINDOWS\system32\services.exe[796] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text H:\WINDOWS\system32\services.exe[796] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text H:\WINDOWS\system32\services.exe[796] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text H:\WINDOWS\system32\services.exe[796] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text H:\WINDOWS\system32\services.exe[796] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text H:\WINDOWS\system32\services.exe[796] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text H:\WINDOWS\system32\services.exe[796] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text H:\WINDOWS\system32\services.exe[796] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text H:\WINDOWS\system32\services.exe[796] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text H:\WINDOWS\system32\services.exe[796] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text H:\WINDOWS\system32\services.exe[796] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text H:\WINDOWS\system32\services.exe[796] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text H:\WINDOWS\system32\services.exe[796] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text H:\WINDOWS\system32\lsass.exe[808] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text H:\WINDOWS\system32\lsass.exe[808] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text H:\WINDOWS\system32\lsass.exe[808] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text H:\WINDOWS\system32\lsass.exe[808] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text H:\WINDOWS\system32\lsass.exe[808] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text H:\WINDOWS\system32\lsass.exe[808] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text H:\WINDOWS\system32\lsass.exe[808] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text H:\WINDOWS\system32\lsass.exe[808] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text H:\WINDOWS\system32\lsass.exe[808] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text H:\WINDOWS\system32\lsass.exe[808] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text H:\WINDOWS\system32\lsass.exe[808] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text H:\WINDOWS\system32\lsass.exe[808] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text H:\WINDOWS\system32\lsass.exe[808] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text H:\WINDOWS\system32\lsass.exe[808] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text H:\WINDOWS\system32\lsass.exe[808] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text H:\WINDOWS\system32\lsass.exe[808] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text H:\WINDOWS\system32\lsass.exe[808] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text H:\WINDOWS\system32\svchost.exe[972] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text H:\WINDOWS\system32\svchost.exe[972] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text H:\WINDOWS\system32\svchost.exe[972] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text H:\WINDOWS\system32\svchost.exe[972] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text H:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text H:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text H:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text H:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text H:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text H:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text H:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text H:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text H:\WINDOWS\system32\svchost.exe[972] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text H:\WINDOWS\system32\svchost.exe[972] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text H:\WINDOWS\system32\svchost.exe[972] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text H:\WINDOWS\system32\svchost.exe[972] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text H:\WINDOWS\system32\svchost.exe[972] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text H:\WINDOWS\system32\PnkBstrA.exe[992] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text H:\WINDOWS\system32\PnkBstrA.exe[992] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text H:\WINDOWS\system32\PnkBstrA.exe[992] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text H:\WINDOWS\system32\PnkBstrA.exe[992] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text H:\WINDOWS\system32\PnkBstrA.exe[992] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text H:\WINDOWS\system32\PnkBstrA.exe[992] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text H:\WINDOWS\system32\PnkBstrA.exe[992] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text H:\WINDOWS\system32\PnkBstrA.exe[992] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text H:\WINDOWS\system32\PnkBstrA.exe[992] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text H:\WINDOWS\system32\PnkBstrA.exe[992] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text H:\WINDOWS\system32\PnkBstrA.exe[992] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text H:\WINDOWS\system32\PnkBstrA.exe[992] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text H:\WINDOWS\system32\PnkBstrA.exe[992] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text H:\WINDOWS\system32\PnkBstrA.exe[992] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text H:\WINDOWS\system32\PnkBstrA.exe[992] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text H:\WINDOWS\system32\PnkBstrA.exe[992] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text H:\WINDOWS\system32\PnkBstrA.exe[992] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text H:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text H:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text H:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text H:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text H:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text H:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text H:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text H:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text H:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text H:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text H:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text H:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text H:\WINDOWS\system32\svchost.exe[1040] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text H:\WINDOWS\system32\svchost.exe[1040] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text H:\WINDOWS\system32\svchost.exe[1040] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text H:\WINDOWS\system32\svchost.exe[1040] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text H:\WINDOWS\system32\svchost.exe[1040] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text H:\WINDOWS\system32\svchost.exe[1092] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text H:\WINDOWS\system32\svchost.exe[1092] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text
H:\WINDOWS\system32\svchost.exe[1092] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text H:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text H:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text H:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text H:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text H:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text H:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text H:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text H:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text H:\WINDOWS\system32\svchost.exe[1092] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text H:\WINDOWS\system32\svchost.exe[1092] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text H:\WINDOWS\system32\svchost.exe[1092] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text H:\WINDOWS\system32\svchost.exe[1092] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text H:\WINDOWS\system32\svchost.exe[1092] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text H:\WINDOWS\System32\svchost.exe[1136] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text H:\WINDOWS\System32\svchost.exe[1136] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\WINDOWS\System32\svchost.exe[1136] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text H:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\WINDOWS\System32\svchost.exe[1136] 
ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text H:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text H:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text H:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text H:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text H:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text H:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text H:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text H:\WINDOWS\System32\svchost.exe[1136] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text H:\WINDOWS\System32\svchost.exe[1136] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text H:\WINDOWS\System32\svchost.exe[1136] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text H:\WINDOWS\System32\svchost.exe[1136] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text H:\WINDOWS\System32\svchost.exe[1136] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text H:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text H:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text H:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text H:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text H:\WINDOWS\system32\svchost.exe[1184] 
ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text H:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text H:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text H:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text H:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text H:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text H:\WINDOWS\system32\svchost.exe[1184] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text H:\WINDOWS\system32\svchost.exe[1184] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text H:\WINDOWS\system32\svchost.exe[1184] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text H:\WINDOWS\system32\svchost.exe[1184] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text H:\WINDOWS\system32\svchost.exe[1184] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text H:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text H:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text H:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text H:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text H:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text H:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text H:\WINDOWS\system32\svchost.exe[1272] 
ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text H:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text H:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text H:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text H:\WINDOWS\system32\svchost.exe[1272] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text H:\WINDOWS\system32\svchost.exe[1272] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text H:\WINDOWS\system32\svchost.exe[1272] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text H:\WINDOWS\system32\svchost.exe[1272] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text H:\WINDOWS\system32\svchost.exe[1272] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text H:\Program Files\ArcaBit\Common\ArcaConfSV.exe[1296] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text H:\Program Files\ArcaBit\Common\ArcaConfSV.exe[1296] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\Program Files\ArcaBit\Common\ArcaConfSV.exe[1296] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text H:\Program Files\ArcaBit\Common\ArcaConfSV.exe[1296] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\Program Files\ArcaBit\Common\ArcaConfSV.exe[1296] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text H:\Program Files\ArcaBit\Common\ArcaConfSV.exe[1296] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text H:\Program Files\ArcaBit\Common\ArcaConfSV.exe[1296] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text H:\Program Files\ArcaBit\Common\ArcaConfSV.exe[1296] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text H:\Program Files\ArcaBit\Common\ArcaConfSV.exe[1296] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text H:\Program 
Files\ArcaBit\Common\ArcaConfSV.exe[1296] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text H:\Program Files\ArcaBit\Common\ArcaConfSV.exe[1296] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text H:\Program Files\ArcaBit\Common\ArcaConfSV.exe[1296] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text H:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe[1308] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text H:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe[1308] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe[1308] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text H:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe[1308] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe[1308] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text H:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe[1308] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text H:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe[1308] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text H:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe[1308] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text H:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe[1308] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text H:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe[1308] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text H:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe[1308] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text H:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe[1308] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text H:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe[1308] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text H:\Program 
Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe[1308] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text H:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe[1308] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text H:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe[1308] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text H:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe[1308] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text H:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text H:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text H:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text H:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text H:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text H:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text H:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text H:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text H:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text H:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text H:\WINDOWS\system32\svchost.exe[1348] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text H:\WINDOWS\system32\svchost.exe[1348] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text H:\WINDOWS\system32\svchost.exe[1348] USER32.dll!SetWindowsHookExA 
7E381211 5 Bytes JMP 00310600 .text H:\WINDOWS\system32\svchost.exe[1348] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text H:\WINDOWS\system32\svchost.exe[1348] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text H:\Program Files\ArcaBit\Common\ArcaTasksService.exe[1360] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text H:\Program Files\ArcaBit\Common\ArcaTasksService.exe[1360] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\Program Files\ArcaBit\Common\ArcaTasksService.exe[1360] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text H:\Program Files\ArcaBit\Common\ArcaTasksService.exe[1360] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\Program Files\ArcaBit\Common\ArcaTasksService.exe[1360] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text H:\Program Files\ArcaBit\Common\ArcaTasksService.exe[1360] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text H:\Program Files\ArcaBit\Common\ArcaTasksService.exe[1360] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text H:\Program Files\ArcaBit\Common\ArcaTasksService.exe[1360] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text H:\Program Files\ArcaBit\Common\ArcaTasksService.exe[1360] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text H:\Program Files\ArcaBit\Common\ArcaTasksService.exe[1360] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text H:\Program Files\ArcaBit\Common\ArcaTasksService.exe[1360] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text H:\Program Files\ArcaBit\Common\ArcaTasksService.exe[1360] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text H:\Program Files\ArcaBit\Common\ArcaTasksService.exe[1360] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00420804 .text H:\Program Files\ArcaBit\Common\ArcaTasksService.exe[1360] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00420A08 .text H:\Program 
Files\ArcaBit\Common\ArcaTasksService.exe[1360] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00420600 .text H:\Program Files\ArcaBit\Common\ArcaTasksService.exe[1360] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004201F8 .text H:\Program Files\ArcaBit\Common\ArcaTasksService.exe[1360] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004203FC .text H:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text H:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text H:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text H:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text H:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text H:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text H:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text H:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text H:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text H:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text H:\WINDOWS\system32\svchost.exe[1428] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text H:\WINDOWS\system32\svchost.exe[1428] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text H:\WINDOWS\system32\svchost.exe[1428] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text H:\WINDOWS\system32\svchost.exe[1428] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 
003101F8 .text H:\WINDOWS\system32\svchost.exe[1428] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text H:\Program Files\AVAST Software\Avast\AvastSvc.exe[1528] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\Program Files\AVAST Software\Avast\AvastSvc.exe[1528] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text H:\Program Files\AVAST Software\Avast\AvastSvc.exe[1528] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\Program Files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe[1664] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text H:\Program Files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe[1664] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\Program Files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe[1664] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text H:\Program Files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe[1664] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\Program Files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe[1664] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text H:\Program Files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe[1664] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text H:\Program Files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe[1664] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text H:\Program Files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe[1664] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text H:\Program Files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe[1664] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text H:\Program Files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe[1664] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text H:\Program Files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe[1664] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 
Bytes JMP 003F0804 .text H:\Program Files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe[1664] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text H:\Program Files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe[1664] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text H:\Program Files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe[1664] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text H:\Program Files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe[1664] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text H:\Program Files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe[1664] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text H:\Program Files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe[1664] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text H:\Program Files\ArcaBit\ArcaUpdate\update.exe[1784] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text H:\Program Files\ArcaBit\ArcaUpdate\update.exe[1784] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\Program Files\ArcaBit\ArcaUpdate\update.exe[1784] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text H:\Program Files\ArcaBit\ArcaUpdate\update.exe[1784] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\Program Files\ArcaBit\ArcaUpdate\update.exe[1784] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text H:\Program Files\ArcaBit\ArcaUpdate\update.exe[1784] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text H:\Program Files\ArcaBit\ArcaUpdate\update.exe[1784] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text H:\Program Files\ArcaBit\ArcaUpdate\update.exe[1784] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text H:\Program Files\ArcaBit\ArcaUpdate\update.exe[1784] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text H:\Program Files\ArcaBit\ArcaUpdate\update.exe[1784] 
ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text H:\Program Files\ArcaBit\ArcaUpdate\update.exe[1784] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text H:\Program Files\ArcaBit\ArcaUpdate\update.exe[1784] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text H:\Program Files\ArcaBit\ArcaUpdate\update.exe[1784] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00420804 .text H:\Program Files\ArcaBit\ArcaUpdate\update.exe[1784] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00420A08 .text H:\Program Files\ArcaBit\ArcaUpdate\update.exe[1784] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00420600 .text H:\Program Files\ArcaBit\ArcaUpdate\update.exe[1784] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004201F8 .text H:\Program Files\ArcaBit\ArcaUpdate\update.exe[1784] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004203FC .text H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1820] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1820] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1820] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1820] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014 .text H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1820] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804 .text H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1820] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08 .text H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1820] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C .text H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1820] 
ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10 .text H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1820] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8 .text H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1820] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC .text H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1820] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600 .text H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1820] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1820] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1820] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1820] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1820] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text H:\Program Files\Mozilla Firefox\firefox.exe[1856] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text H:\Program Files\Mozilla Firefox\firefox.exe[1856] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\Program Files\Mozilla Firefox\firefox.exe[1856] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text H:\Program Files\Mozilla Firefox\firefox.exe[1856] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\Program Files\Mozilla Firefox\firefox.exe[1856] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00821014 .text H:\Program Files\Mozilla Firefox\firefox.exe[1856] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00820804 .text H:\Program Files\Mozilla Firefox\firefox.exe[1856] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00820A08 .text H:\Program Files\Mozilla Firefox\firefox.exe[1856] ADVAPI32.dll!ChangeServiceConfig2A 
77E27101 5 Bytes JMP 00820C0C .text H:\Program Files\Mozilla Firefox\firefox.exe[1856] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00820E10 .text H:\Program Files\Mozilla Firefox\firefox.exe[1856] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 008201F8 .text H:\Program Files\Mozilla Firefox\firefox.exe[1856] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 008203FC .text H:\Program Files\Mozilla Firefox\firefox.exe[1856] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00820600 .text H:\Program Files\Mozilla Firefox\firefox.exe[1856] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00830804 .text H:\Program Files\Mozilla Firefox\firefox.exe[1856] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 104AC647 H:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text H:\Program Files\Mozilla Firefox\firefox.exe[1856] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00830A08 .text H:\Program Files\Mozilla Firefox\firefox.exe[1856] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00830600 .text H:\Program Files\Mozilla Firefox\firefox.exe[1856] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 008301F8 .text H:\Program Files\Mozilla Firefox\firefox.exe[1856] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 008303FC .text H:\Program Files\CyberLink\Shared Files\RichVideo.exe[1860] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text H:\Program Files\CyberLink\Shared Files\RichVideo.exe[1860] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\Program Files\CyberLink\Shared Files\RichVideo.exe[1860] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text H:\Program Files\CyberLink\Shared Files\RichVideo.exe[1860] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\Program Files\CyberLink\Shared Files\RichVideo.exe[1860] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804 .text H:\Program Files\CyberLink\Shared Files\RichVideo.exe[1860] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08 .text H:\Program 
Files\CyberLink\Shared Files\RichVideo.exe[1860] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600 .text H:\Program Files\CyberLink\Shared Files\RichVideo.exe[1860] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8 .text H:\Program Files\CyberLink\Shared Files\RichVideo.exe[1860] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC .text H:\Program Files\CyberLink\Shared Files\RichVideo.exe[1860] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text H:\Program Files\CyberLink\Shared Files\RichVideo.exe[1860] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text H:\Program Files\CyberLink\Shared Files\RichVideo.exe[1860] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text H:\Program Files\CyberLink\Shared Files\RichVideo.exe[1860] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text H:\Program Files\CyberLink\Shared Files\RichVideo.exe[1860] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text H:\Program Files\CyberLink\Shared Files\RichVideo.exe[1860] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text H:\Program Files\CyberLink\Shared Files\RichVideo.exe[1860] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text H:\Program Files\CyberLink\Shared Files\RichVideo.exe[1860] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text H:\WINDOWS\system32\spoolsv.exe[2008] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text H:\WINDOWS\system32\spoolsv.exe[2008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\WINDOWS\system32\spoolsv.exe[2008] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text H:\WINDOWS\system32\spoolsv.exe[2008] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\WINDOWS\system32\spoolsv.exe[2008] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text H:\WINDOWS\system32\spoolsv.exe[2008] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text 
H:\WINDOWS\system32\spoolsv.exe[2008] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text H:\WINDOWS\system32\spoolsv.exe[2008] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text H:\WINDOWS\system32\spoolsv.exe[2008] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text H:\WINDOWS\system32\spoolsv.exe[2008] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text H:\WINDOWS\system32\spoolsv.exe[2008] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text H:\WINDOWS\system32\spoolsv.exe[2008] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text H:\WINDOWS\system32\spoolsv.exe[2008] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text H:\WINDOWS\system32\spoolsv.exe[2008] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text H:\WINDOWS\system32\spoolsv.exe[2008] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text H:\WINDOWS\system32\spoolsv.exe[2008] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text H:\WINDOWS\system32\spoolsv.exe[2008] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2068] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8 .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2068] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2068] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2068] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2068] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2068] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text 
H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2068] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2068] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2068] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2068] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2068] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2068] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2068] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2068] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2068] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2068] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2068] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text H:\WINDOWS\system32\SearchIndexer.exe[2188] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000D01F8 .text H:\WINDOWS\system32\SearchIndexer.exe[2188] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\WINDOWS\system32\SearchIndexer.exe[2188] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000D03FC .text H:\WINDOWS\system32\SearchIndexer.exe[2188] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C 
H:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation) .text H:\WINDOWS\system32\SearchIndexer.exe[2188] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\WINDOWS\system32\SearchIndexer.exe[2188] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00361014 .text H:\WINDOWS\system32\SearchIndexer.exe[2188] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00360804 .text H:\WINDOWS\system32\SearchIndexer.exe[2188] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00360A08 .text H:\WINDOWS\system32\SearchIndexer.exe[2188] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00360C0C .text H:\WINDOWS\system32\SearchIndexer.exe[2188] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00360E10 .text H:\WINDOWS\system32\SearchIndexer.exe[2188] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003601F8 .text H:\WINDOWS\system32\SearchIndexer.exe[2188] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003603FC .text H:\WINDOWS\system32\SearchIndexer.exe[2188] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00360600 .text H:\WINDOWS\system32\SearchIndexer.exe[2188] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00370804 .text H:\WINDOWS\system32\SearchIndexer.exe[2188] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00370A08 .text H:\WINDOWS\system32\SearchIndexer.exe[2188] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00370600 .text H:\WINDOWS\system32\SearchIndexer.exe[2188] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003701F8 .text H:\WINDOWS\system32\SearchIndexer.exe[2188] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003703FC .text H:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe[2264] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text H:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe[2264] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe[2264] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text H:\Program 
Files\ArcaBit\ArcaVir\ArcaMainSV.exe[2264] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe[2264] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text H:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe[2264] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text H:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe[2264] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text H:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe[2264] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text H:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe[2264] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text H:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe[2264] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text H:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe[2264] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text H:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe[2264] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text H:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe[2264] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text H:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe[2264] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text H:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe[2264] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text H:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe[2264] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text H:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe[2264] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text H:\WINDOWS\system32\SearchFilterHost.exe[2296] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\WINDOWS\system32\SearchFilterHost.exe[2296] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes 
JMP 001501F8 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] kernel32.dll!DefineDosDeviceW 7C821F1E 5 Bytes JMP 003E03FC .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] kernel32.dll!SetProcessShutdownParameters 7C82C8FD 5 Bytes JMP 003E01F8 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] kernel32.dll!SetLocaleInfoW 7C877FB3 5 Bytes JMP 003E0600 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!GetWindowLongW 7E3688A6 5 Bytes JMP 00C42238 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!GetWindowLongA 7E36945D 5 Bytes JMP 00C42034 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!CreateDialogParamW 7E36EA3B 5 Bytes JMP 00C42A48 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 00C4345C .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 00C43A68 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 00C43054 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00C40804 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!GetPropW 7E3794B3 5 Bytes JMP 00C41218 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] 
user32.dll!RemovePropW 7E37C076 5 Bytes JMP 00C41A28 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!SetPropW 7E37C0B9 2 Bytes JMP 00C41620 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!SetPropW + 3 7E37C0BC 2 Bytes [8C, 82] .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!SetWindowLongA 7E37C29D 5 Bytes JMP 00C4243C .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!SetWindowLongW 7E37C2BB 5 Bytes JMP 00C42640 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 00C41E30 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00C40A08 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 00C41C2C .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!SetPropA 7E380000 5 Bytes JMP 00C4141C .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!GetPropA 7E380042 5 Bytes JMP 00C41014 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!RemovePropA 7E380094 5 Bytes JMP 00C41824 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!SetWindowsHookExA 7E381211 3 Bytes JMP 00C40600 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!SetWindowsHookExA + 4 7E381215 1 Byte [82] .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!SetWinEventHook 7E3817F7 3 Bytes JMP 00C401F8 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!SetWinEventHook + 4 7E3817FB 1 Byte [82] .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!UnhookWinEvent 
7E3818AC 5 Bytes JMP 00C403FC .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 00C43864 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!CreateDialogIndirectParamA 7E389B28 3 Bytes JMP 00C42C4C .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!CreateDialogIndirectParamA + 4 7E389B2C 1 Byte [82] .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!DialogBoxParamA 7E38B144 3 Bytes JMP 00C43258 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!DialogBoxParamA + 4 7E38B148 1 Byte [82] .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!CreateDialogParamA 7E38C7DB 3 Bytes JMP 00C42844 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!CreateDialogParamA + 4 7E38C7DF 1 Byte [82] .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!CreateDialogIndirectParamW 7E38F01F 3 Bytes JMP 00C42E50 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!CreateDialogIndirectParamW + 4 7E38F023 1 Byte [82] .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 00C43660 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!ExitWindowsEx 7E3AA275 5 Bytes JMP 00C40C0C .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] user32.dll!LockWorkStation 7E3BCD5E 5 Bytes JMP 00C40E10 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] advapi32.dll!LookupAccountNameW 77DD5B59 5 Bytes JMP 00641C2C .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] advapi32.dll!ReportEventW 77DE3681 5 Bytes JMP 00641A28 .text H:\Documents and Settings\user\Moje 
dokumenty\Pobieranie\OTL.exe[2300] advapi32.dll!DeregisterEventSource 77DE79D3 5 Bytes JMP 00641620 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] advapi32.dll!RegisterEventSourceA 77DE7B60 5 Bytes JMP 00641218 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] advapi32.dll!ReportEventA 77DE7CB2 5 Bytes JMP 00641824 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] advapi32.dll!RegisterEventSourceW 77DE803C 5 Bytes JMP 0064141C .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] advapi32.dll!RegConnectRegistryW 77DE817A 5 Bytes JMP 00641E30 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] advapi32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00641014 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] advapi32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00640804 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] advapi32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00640A08 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] advapi32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00640C0C .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] advapi32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00640E10 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] advapi32.dll!CreateServiceA 77E27211 5 Bytes JMP 006401F8 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] advapi32.dll!CreateServiceW 77E273A9 5 Bytes JMP 006403FC .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] advapi32.dll!DeleteService 77E274B1 5 Bytes JMP 00640600 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] Secur32.dll!LsaRegisterLogonProcess 77FE4D17 5 Bytes JMP 00F901F8 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] 
USERENV.dll!RegisterGPNotification 769A8607 5 Bytes JMP 012401F8 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] USERENV.dll!UnregisterGPNotification 769B9894 5 Bytes JMP 012403FC .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] WS2_32.dll!connect 71A54A07 5 Bytes JMP 012E01F8 .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.exe[2300] WS2_32.dll!listen 71A58CD3 5 Bytes JMP 012E03FC .text H:\Program Files\Windows Desktop Search\WindowsSearch.exe[2636] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text H:\Program Files\Windows Desktop Search\WindowsSearch.exe[2636] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\Program Files\Windows Desktop Search\WindowsSearch.exe[2636] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text H:\Program Files\Windows Desktop Search\WindowsSearch.exe[2636] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\Program Files\Windows Desktop Search\WindowsSearch.exe[2636] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00321014 .text H:\Program Files\Windows Desktop Search\WindowsSearch.exe[2636] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00320804 .text H:\Program Files\Windows Desktop Search\WindowsSearch.exe[2636] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00320A08 .text H:\Program Files\Windows Desktop Search\WindowsSearch.exe[2636] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00320C0C .text H:\Program Files\Windows Desktop Search\WindowsSearch.exe[2636] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00320E10 .text H:\Program Files\Windows Desktop Search\WindowsSearch.exe[2636] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003201F8 .text H:\Program Files\Windows Desktop Search\WindowsSearch.exe[2636] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003203FC .text H:\Program Files\Windows Desktop Search\WindowsSearch.exe[2636] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes 
JMP 00320600 .text H:\Program Files\Windows Desktop Search\WindowsSearch.exe[2636] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00330804 .text H:\Program Files\Windows Desktop Search\WindowsSearch.exe[2636] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00330A08 .text H:\Program Files\Windows Desktop Search\WindowsSearch.exe[2636] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00330600 .text H:\Program Files\Windows Desktop Search\WindowsSearch.exe[2636] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003301F8 .text H:\Program Files\Windows Desktop Search\WindowsSearch.exe[2636] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003303FC .text H:\WINDOWS\system32\SearchProtocolHost.exe[2728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8 .text H:\WINDOWS\system32\SearchProtocolHost.exe[2728] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\WINDOWS\system32\SearchProtocolHost.exe[2728] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC .text H:\WINDOWS\system32\SearchProtocolHost.exe[2728] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\WINDOWS\system32\SearchProtocolHost.exe[2728] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00321014 .text H:\WINDOWS\system32\SearchProtocolHost.exe[2728] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00320804 .text H:\WINDOWS\system32\SearchProtocolHost.exe[2728] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00320A08 .text H:\WINDOWS\system32\SearchProtocolHost.exe[2728] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00320C0C .text H:\WINDOWS\system32\SearchProtocolHost.exe[2728] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00320E10 .text H:\WINDOWS\system32\SearchProtocolHost.exe[2728] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003201F8 .text H:\WINDOWS\system32\SearchProtocolHost.exe[2728] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003203FC .text H:\WINDOWS\system32\SearchProtocolHost.exe[2728] ADVAPI32.dll!DeleteService 
77E274B1 5 Bytes JMP 00320600 .text H:\WINDOWS\system32\SearchProtocolHost.exe[2728] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00330804 .text H:\WINDOWS\system32\SearchProtocolHost.exe[2728] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00330A08 .text H:\WINDOWS\system32\SearchProtocolHost.exe[2728] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00330600 .text H:\WINDOWS\system32\SearchProtocolHost.exe[2728] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003301F8 .text H:\WINDOWS\system32\SearchProtocolHost.exe[2728] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003303FC .text H:\WINDOWS\Explorer.EXE[2776] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text H:\WINDOWS\Explorer.EXE[2776] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\WINDOWS\Explorer.EXE[2776] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text H:\WINDOWS\Explorer.EXE[2776] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\WINDOWS\Explorer.EXE[2776] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text H:\WINDOWS\Explorer.EXE[2776] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text H:\WINDOWS\Explorer.EXE[2776] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text H:\WINDOWS\Explorer.EXE[2776] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text H:\WINDOWS\Explorer.EXE[2776] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text H:\WINDOWS\Explorer.EXE[2776] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text H:\WINDOWS\Explorer.EXE[2776] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text H:\WINDOWS\Explorer.EXE[2776] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text H:\WINDOWS\Explorer.EXE[2776] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text H:\WINDOWS\Explorer.EXE[2776] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text H:\WINDOWS\Explorer.EXE[2776] USER32.dll!SetWindowsHookExA 
7E381211 5 Bytes JMP 00320600 .text H:\WINDOWS\Explorer.EXE[2776] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text H:\WINDOWS\Explorer.EXE[2776] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text H:\WINDOWS\system32\wuauclt.exe[2824] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8 .text H:\WINDOWS\system32\wuauclt.exe[2824] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\WINDOWS\system32\wuauclt.exe[2824] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC .text H:\WINDOWS\system32\wuauclt.exe[2824] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\WINDOWS\system32\wuauclt.exe[2824] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014 .text H:\WINDOWS\system32\wuauclt.exe[2824] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804 .text H:\WINDOWS\system32\wuauclt.exe[2824] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08 .text H:\WINDOWS\system32\wuauclt.exe[2824] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C .text H:\WINDOWS\system32\wuauclt.exe[2824] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10 .text H:\WINDOWS\system32\wuauclt.exe[2824] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8 .text H:\WINDOWS\system32\wuauclt.exe[2824] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC .text H:\WINDOWS\system32\wuauclt.exe[2824] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600 .text H:\WINDOWS\system32\wuauclt.exe[2824] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text H:\WINDOWS\system32\wuauclt.exe[2824] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text H:\WINDOWS\system32\wuauclt.exe[2824] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text H:\WINDOWS\system32\wuauclt.exe[2824] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text H:\WINDOWS\system32\wuauclt.exe[2824] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text 
H:\WINDOWS\system32\wuauclt.exe[2824] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\pxmkrol6.exe[2864] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\Documents and Settings\user\Moje dokumenty\Pobieranie\pxmkrol6.exe[2864] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2908] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8 .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2908] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2908] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2908] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2908] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2908] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2908] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2908] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2908] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2908] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2908] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text H:\Program Files\Common Files\Microsoft 
Shared\Windows Live\WLIDSvcM.exe[2908] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2908] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2908] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2908] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2908] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2908] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text H:\WINDOWS\RTHDCPL.EXE[3008] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text H:\WINDOWS\RTHDCPL.EXE[3008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\WINDOWS\RTHDCPL.EXE[3008] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text H:\WINDOWS\RTHDCPL.EXE[3008] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\WINDOWS\RTHDCPL.EXE[3008] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014 .text H:\WINDOWS\RTHDCPL.EXE[3008] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804 .text H:\WINDOWS\RTHDCPL.EXE[3008] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08 .text H:\WINDOWS\RTHDCPL.EXE[3008] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C .text H:\WINDOWS\RTHDCPL.EXE[3008] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10 .text H:\WINDOWS\RTHDCPL.EXE[3008] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8 .text H:\WINDOWS\RTHDCPL.EXE[3008] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC .text H:\WINDOWS\RTHDCPL.EXE[3008] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600 .text H:\WINDOWS\RTHDCPL.EXE[3008] 
USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text H:\WINDOWS\RTHDCPL.EXE[3008] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text H:\WINDOWS\RTHDCPL.EXE[3008] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text H:\WINDOWS\RTHDCPL.EXE[3008] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text H:\WINDOWS\RTHDCPL.EXE[3008] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3032] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3032] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3032] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3032] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3032] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3032] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3032] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3032] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3032] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3032] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3032] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3032] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3032] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 
.text H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3032] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3032] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3032] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3032] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text H:\Program Files\lg_fwupdate\fwupdate.exe[3080] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text H:\Program Files\lg_fwupdate\fwupdate.exe[3080] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\Program Files\lg_fwupdate\fwupdate.exe[3080] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text H:\Program Files\lg_fwupdate\fwupdate.exe[3080] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\Program Files\lg_fwupdate\fwupdate.exe[3080] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text H:\Program Files\lg_fwupdate\fwupdate.exe[3080] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text H:\Program Files\lg_fwupdate\fwupdate.exe[3080] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text H:\Program Files\lg_fwupdate\fwupdate.exe[3080] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text H:\Program Files\lg_fwupdate\fwupdate.exe[3080] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text H:\Program Files\lg_fwupdate\fwupdate.exe[3080] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text H:\Program Files\lg_fwupdate\fwupdate.exe[3080] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text H:\Program Files\lg_fwupdate\fwupdate.exe[3080] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text H:\Program Files\lg_fwupdate\fwupdate.exe[3080] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text H:\Program Files\lg_fwupdate\fwupdate.exe[3080] 
ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text H:\Program Files\lg_fwupdate\fwupdate.exe[3080] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text H:\Program Files\lg_fwupdate\fwupdate.exe[3080] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text H:\Program Files\lg_fwupdate\fwupdate.exe[3080] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text H:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3116] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text H:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3116] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3116] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text H:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3116] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3116] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text H:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3116] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text H:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3116] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text H:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3116] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text H:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3116] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text H:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3116] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text H:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3116] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text H:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3116] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text H:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3116] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text H:\Program 
Files\ScanSoft\PaperPort\pptd40nt.exe[3116] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text H:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3116] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text H:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3116] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text H:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3116] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text H:\WINDOWS\system32\wbem\wmiapsrv.exe[3332] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text H:\WINDOWS\system32\wbem\wmiapsrv.exe[3332] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\WINDOWS\system32\wbem\wmiapsrv.exe[3332] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text H:\WINDOWS\system32\wbem\wmiapsrv.exe[3332] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\WINDOWS\system32\wbem\wmiapsrv.exe[3332] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text H:\WINDOWS\system32\wbem\wmiapsrv.exe[3332] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text H:\WINDOWS\system32\wbem\wmiapsrv.exe[3332] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text H:\WINDOWS\system32\wbem\wmiapsrv.exe[3332] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text H:\WINDOWS\system32\wbem\wmiapsrv.exe[3332] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text H:\WINDOWS\system32\wbem\wmiapsrv.exe[3332] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text H:\WINDOWS\system32\wbem\wmiapsrv.exe[3332] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text H:\WINDOWS\system32\wbem\wmiapsrv.exe[3332] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text H:\WINDOWS\system32\wbem\wmiapsrv.exe[3332] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text H:\WINDOWS\system32\wbem\wmiapsrv.exe[3332] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 
.text H:\WINDOWS\system32\wbem\wmiapsrv.exe[3332] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text H:\WINDOWS\system32\wbem\wmiapsrv.exe[3332] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text H:\WINDOWS\system32\wbem\wmiapsrv.exe[3332] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text H:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3440] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text H:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3440] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3440] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text H:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3440] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3440] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text H:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3440] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text H:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3440] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text H:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3440] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text H:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3440] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text H:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3440] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text H:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3440] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text H:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3440] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text H:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3440] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text H:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3440] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text H:\Program 
Files\Brother\Brmfcmon\BrMfcWnd.exe[3440] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text H:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3440] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text H:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3440] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text H:\Program Files\ArcaBit\ArcaVir\AVMenu.exe[3468] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text H:\Program Files\ArcaBit\ArcaVir\AVMenu.exe[3468] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\Program Files\ArcaBit\ArcaVir\AVMenu.exe[3468] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text H:\Program Files\ArcaBit\ArcaVir\AVMenu.exe[3468] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\Program Files\ArcaBit\ArcaVir\AVMenu.exe[3468] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text H:\Program Files\ArcaBit\ArcaVir\AVMenu.exe[3468] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text H:\Program Files\ArcaBit\ArcaVir\AVMenu.exe[3468] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text H:\Program Files\ArcaBit\ArcaVir\AVMenu.exe[3468] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text H:\Program Files\ArcaBit\ArcaVir\AVMenu.exe[3468] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text H:\Program Files\ArcaBit\ArcaVir\AVMenu.exe[3468] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text H:\Program Files\ArcaBit\ArcaVir\AVMenu.exe[3468] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text H:\Program Files\ArcaBit\ArcaVir\AVMenu.exe[3468] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text H:\Program Files\ArcaBit\ArcaVir\AVMenu.exe[3468] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text H:\Program Files\ArcaBit\ArcaVir\AVMenu.exe[3468] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text H:\Program 
Files\ArcaBit\ArcaVir\AVMenu.exe[3468] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text H:\Program Files\ArcaBit\ArcaVir\AVMenu.exe[3468] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text H:\Program Files\ArcaBit\ArcaVir\AVMenu.exe[3468] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text H:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3488] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text H:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3488] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3488] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text H:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3488] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3488] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text H:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3488] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text H:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3488] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text H:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3488] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text H:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3488] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text H:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3488] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text H:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3488] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text H:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3488] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text H:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3488] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text H:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3488] 
ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text H:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3488] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text H:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3488] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text H:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3488] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text H:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3568] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text H:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3568] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3568] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text H:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3568] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3568] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text H:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3568] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text H:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3568] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text H:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3568] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text H:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3568] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text H:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3568] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text H:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3568] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text H:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3568] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text H:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3568] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text H:\Program 
Files\Brother\Brmfcmon\BrMfcmon.exe[3568] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text H:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3568] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text H:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3568] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text H:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3568] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text H:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[3580] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text H:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[3580] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[3580] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text H:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[3580] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[3580] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 004B0804 .text H:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[3580] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 004B0A08 .text H:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[3580] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 004B0600 .text H:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[3580] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004B01F8 .text H:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[3580] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004B03FC .text H:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[3580] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 004C1014 .text H:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[3580] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 004C0804 .text H:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[3580] 
ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 004C0A08 .text H:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[3580] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 004C0C0C .text H:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[3580] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 004C0E10 .text H:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[3580] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004C01F8 .text H:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[3580] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004C03FC .text H:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[3580] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 004C0600 .text H:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3608] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text H:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3608] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3608] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text H:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3608] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3608] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00450804 .text H:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3608] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00450A08 .text H:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3608] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00450600 .text H:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3608] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004501F8 .text H:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3608] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004503FC .text H:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3608] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00461014 .text H:\Program 
Files\Logitech\LWS\Webcam Software\LWS.exe[3608] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00460804 .text H:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3608] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00460A08 .text H:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3608] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00460C0C .text H:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3608] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00460E10 .text H:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3608] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004601F8 .text H:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3608] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004603FC .text H:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3608] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00460600 .text H:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3688] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text H:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3688] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3688] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text H:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3688] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3688] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00450804 .text H:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3688] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00450A08 .text H:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3688] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00450600 .text H:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3688] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004501F8 .text H:\Program 
Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3688] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004503FC .text H:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3688] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00461014 .text H:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3688] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00460804 .text H:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3688] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00460A08 .text H:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3688] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00460C0C .text H:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3688] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00460E10 .text H:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3688] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004601F8 .text H:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3688] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004603FC .text H:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[3688] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00460600 .text H:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3736] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text H:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3736] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3736] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text H:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3736] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3736] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text H:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3736] 
USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text H:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3736] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text H:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3736] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text H:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3736] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text H:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3736] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text H:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3736] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text H:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3736] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text H:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3736] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text H:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3736] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text H:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3736] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text H:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3736] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text H:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3736] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text H:\Program Files\Common Files\Java\Java Update\jusched.exe[3824] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text H:\Program Files\Common Files\Java\Java Update\jusched.exe[3824] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\Program Files\Common Files\Java\Java Update\jusched.exe[3824] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text H:\Program Files\Common Files\Java\Java Update\jusched.exe[3824] 
kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\Program Files\Common Files\Java\Java Update\jusched.exe[3824] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text H:\Program Files\Common Files\Java\Java Update\jusched.exe[3824] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text H:\Program Files\Common Files\Java\Java Update\jusched.exe[3824] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text H:\Program Files\Common Files\Java\Java Update\jusched.exe[3824] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text H:\Program Files\Common Files\Java\Java Update\jusched.exe[3824] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text H:\Program Files\Common Files\Java\Java Update\jusched.exe[3824] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text H:\Program Files\Common Files\Java\Java Update\jusched.exe[3824] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text H:\Program Files\Common Files\Java\Java Update\jusched.exe[3824] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text H:\Program Files\Common Files\Java\Java Update\jusched.exe[3824] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text H:\Program Files\Common Files\Java\Java Update\jusched.exe[3824] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text H:\Program Files\Common Files\Java\Java Update\jusched.exe[3824] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text H:\Program Files\Common Files\Java\Java Update\jusched.exe[3824] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text H:\Program Files\Common Files\Java\Java Update\jusched.exe[3824] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text H:\Program Files\AVAST Software\Avast\avastUI.exe[3848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\Program Files\AVAST Software\Avast\avastUI.exe[3848] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte 
[62] .text H:\WINDOWS\system32\RunDLL32.exe[3860] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text H:\WINDOWS\system32\RunDLL32.exe[3860] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\WINDOWS\system32\RunDLL32.exe[3860] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text H:\WINDOWS\system32\RunDLL32.exe[3860] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\WINDOWS\system32\RunDLL32.exe[3860] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804 .text H:\WINDOWS\system32\RunDLL32.exe[3860] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08 .text H:\WINDOWS\system32\RunDLL32.exe[3860] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600 .text H:\WINDOWS\system32\RunDLL32.exe[3860] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8 .text H:\WINDOWS\system32\RunDLL32.exe[3860] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC .text H:\WINDOWS\system32\RunDLL32.exe[3860] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text H:\WINDOWS\system32\RunDLL32.exe[3860] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text H:\WINDOWS\system32\RunDLL32.exe[3860] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text H:\WINDOWS\system32\RunDLL32.exe[3860] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text H:\WINDOWS\system32\RunDLL32.exe[3860] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text H:\WINDOWS\system32\RunDLL32.exe[3860] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text H:\WINDOWS\system32\RunDLL32.exe[3860] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text H:\WINDOWS\system32\RunDLL32.exe[3860] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text H:\WINDOWS\system32\ctfmon.exe[3920] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8 .text H:\WINDOWS\system32\ctfmon.exe[3920] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text 
H:\WINDOWS\system32\ctfmon.exe[3920] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC .text H:\WINDOWS\system32\ctfmon.exe[3920] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text H:\WINDOWS\system32\ctfmon.exe[3920] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014 .text H:\WINDOWS\system32\ctfmon.exe[3920] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804 .text H:\WINDOWS\system32\ctfmon.exe[3920] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08 .text H:\WINDOWS\system32\ctfmon.exe[3920] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C .text H:\WINDOWS\system32\ctfmon.exe[3920] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10 .text H:\WINDOWS\system32\ctfmon.exe[3920] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8 .text H:\WINDOWS\system32\ctfmon.exe[3920] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC .text H:\WINDOWS\system32\ctfmon.exe[3920] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600 .text H:\WINDOWS\system32\ctfmon.exe[3920] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text H:\WINDOWS\system32\ctfmon.exe[3920] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text H:\WINDOWS\system32\ctfmon.exe[3920] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text H:\WINDOWS\system32\ctfmon.exe[3920] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text H:\WINDOWS\system32\ctfmon.exe[3920] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text H:\WINDOWS\system32\ctfmon.exe[3920] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text H:\WINDOWS\System32\alg.exe[4084] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text H:\WINDOWS\System32\alg.exe[4084] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text H:\WINDOWS\System32\alg.exe[4084] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text H:\WINDOWS\System32\alg.exe[4084] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte 
[62] .text H:\WINDOWS\System32\alg.exe[4084] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804 .text H:\WINDOWS\System32\alg.exe[4084] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08 .text H:\WINDOWS\System32\alg.exe[4084] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600 .text H:\WINDOWS\System32\alg.exe[4084] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8 .text H:\WINDOWS\System32\alg.exe[4084] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC .text H:\WINDOWS\System32\alg.exe[4084] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text H:\WINDOWS\System32\alg.exe[4084] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text H:\WINDOWS\System32\alg.exe[4084] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text H:\WINDOWS\System32\alg.exe[4084] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text H:\WINDOWS\System32\alg.exe[4084] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text H:\WINDOWS\System32\alg.exe[4084] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text H:\WINDOWS\System32\alg.exe[4084] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text H:\WINDOWS\System32\alg.exe[4084] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 ---- User IAT/EAT - GMER 1.0.15 ---- IAT H:\WINDOWS\system32\services.exe[796] @ H:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00630002 IAT H:\WINDOWS\system32\services.exe[796] @ H:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00630000 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! 
TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk1\DR3 sector 00: rootkit-like behavior ---- Files - GMER 1.0.15 ---- File H:\## aswSnx private storage 0 bytes File H:\## aswSnx private storage\r28 0 bytes File H:\## aswSnx private storage\r28\OTL.exe_{9d260b51-c40d-11e0-9cb9-00241d73ad97} 0 bytes File H:\## aswSnx private storage\r28\OTL.exe_{9d260b51-c40d-11e0-9cb9-00241d73ad97}\attrib 0 bytes File H:\## aswSnx private storage\r28\OTL.exe_{9d260b51-c40d-11e0-9cb9-00241d73ad97}\image 0 bytes File H:\## aswSnx private storage\r28\OTL.exe_{9d260b51-c40d-11e0-9cb9-00241d73ad97}\image\Documents and Settings 0 bytes File H:\## aswSnx private storage\r28\OTL.exe_{9d260b51-c40d-11e0-9cb9-00241d73ad97}\image\Documents and Settings\user 0 bytes File H:\## aswSnx private storage\r28\OTL.exe_{9d260b51-c40d-11e0-9cb9-00241d73ad97}\image\Documents and Settings\user\Moje dokumenty 0 bytes File H:\## aswSnx private storage\r28\OTL.exe_{9d260b51-c40d-11e0-9cb9-00241d73ad97}\image\Documents and Settings\user\Moje dokumenty\Pobieranie 0 bytes File H:\## aswSnx private storage\r28\OTL.exe_{9d260b51-c40d-11e0-9cb9-00241d73ad97}\image\Documents and Settings\user\Moje dokumenty\Pobieranie\Extras.Txt 57402 bytes File H:\## aswSnx private storage\r28\OTL.exe_{9d260b51-c40d-11e0-9cb9-00241d73ad97}\image\Documents and Settings\user\Moje dokumenty\Pobieranie\OTL.Txt 90964 bytes File H:\## aswSnx private storage\r28\OTL.exe_{9d260b51-c40d-11e0-9cb9-00241d73ad97}\image\Documents and Settings\user\NTUSER.DAT 6815744 bytes File H:\## aswSnx private storage\r28\OTL.exe_{9d260b51-c40d-11e0-9cb9-00241d73ad97}\image\Documents and Settings\user\ntuser.dat.LOG 1024 bytes File H:\## aswSnx private storage\r28\OTL.exe_{9d260b51-c40d-11e0-9cb9-00241d73ad97}\image\WINDOWS 0 
bytes File H:\## aswSnx private storage\r28\OTL.exe_{9d260b51-c40d-11e0-9cb9-00241d73ad97}\image\WINDOWS\SchedLgU.Txt 32362 bytes File H:\## aswSnx private storage\r28\OTL.exe_{9d260b51-c40d-11e0-9cb9-00241d73ad97}\image\WINDOWS\Sti_Trace.log 0 bytes File H:\## aswSnx private storage\r28\OTL.exe_{9d260b51-c40d-11e0-9cb9-00241d73ad97}\image\WINDOWS\System32 0 bytes File H:\## aswSnx private storage\r28\OTL.exe_{9d260b51-c40d-11e0-9cb9-00241d73ad97}\image\WINDOWS\System32\h323log.txt 0 bytes File H:\## aswSnx private storage\r28\OTL.exe_{9d260b51-c40d-11e0-9cb9-00241d73ad97}\image\WINDOWS\wiadebug.log 259 bytes File H:\## aswSnx private storage\r28\OTL.exe_{9d260b51-c40d-11e0-9cb9-00241d73ad97}\image\WINDOWS\wiaservc.log 50 bytes File H:\## aswSnx private storage\r28\OTL.exe_{9d260b51-c40d-11e0-9cb9-00241d73ad97}\image\WINDOWS\WindowsUpdate.log 2018744 bytes File H:\## aswSnx private storage\snx_rhive 262144 bytes File H:\## aswSnx private storage\snx_rhive.LOG 1024 bytes ---- EOF - GMER 1.0.15 ----