GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-10-28 00:04:17 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000060 WDC_WD32 rev.12.0 Running: gmer.exe; Driver: C:\Users\aneirin\AppData\Local\Temp\uxdiqfod.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8DE8E202] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8DE907F0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8DE90848] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8DE9095E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8DE90746] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8DE90898] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8DE9079A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8DE9090C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8DE8E226] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8DE8DFF0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8DE8E24A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8DE90D56] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8DE8ECDA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8DE90820] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8DE90870] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8DE90988] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8DE90772] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8DE908D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8DE907C8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8DE90936] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8DE8EBA0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8DE8E26E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8DE8E292] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8DE8E04A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8DE8E186] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8DE8E162] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8DE8E1AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8DE8E2B6] INT 0x51 ? 8588BBF8 INT 0x82 ? 8768AF00 INT 0x92 ? 8768AF00 INT 0xA2 ? 8588ABF8 INT 0xB2 ? 8588BBF8 Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8E55D398] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 10D 832C9890 4 Bytes [02, E2, E8, 8D] .text ntkrnlpa.exe!KeSetEvent + 1D1 832C9954 8 Bytes [F0, 07, E9, 8D, 48, 08, E9, ...] .text ntkrnlpa.exe!KeSetEvent + 1DD 832C9960 4 Bytes [5E, 09, E9, 8D] .text ntkrnlpa.exe!KeSetEvent + 1F5 832C9978 4 Bytes [46, 07, E9, 8D] .text ntkrnlpa.exe!KeSetEvent + 215 832C9998 8 Bytes [98, 08, E9, 8D, 9A, 07, E9, ...] .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 833F462F 5 Bytes JMP 8E558D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 8344D543 5 Bytes JMP 8E55A7F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 83456E68 4 Bytes CALL 8DE8F34B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 8345AADC 4 Bytes CALL 8DE8F361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 834AEDCA 7 Bytes JMP 8E55D39C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ? System32\Drivers\sphp.sys The system cannot find the path specified. ! .text USBPORT.SYS!DllUnload 8917841B 5 Bytes JMP 8768A4E0 .text adnyt08u.SYS 8D1A6000 22 Bytes [82, E3, 5D, 83, 6C, E2, 5D, ...] .text adnyt08u.SYS 8D1A6017 84 Bytes [00, 32, E7, 70, 80, 3D, E5, ...] .text adnyt08u.SYS 8D1A606C 52 Bytes [A0, 3E, 26, 83, 98, 3E, 2C, ...] .text adnyt08u.SYS 8D1A60A1 43 Bytes [60, 2C, 83, 74, 56, 26, 83, ...] .text adnyt08u.SYS 8D1A60CE 10 Bytes [00, 00, 00, 00, 00, 00, 6A, ...] .text ... .text bridge.sys 891C7462 519 Bytes [8B, FF, 55, 8B, EC, 81, EC, ...] .text win32k.sys!EngCreateRectRgn + 4537 9923FC90 5 Bytes JMP 8DE91440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + C20 99258EC9 5 Bytes JMP 8DE91E0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTransparentBlt + 4A1 99259CB5 5 Bytes JMP 8DE91F72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTransparentBlt + 8C03 99262417 5 Bytes JMP 8DE90D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 616 9926336E 5 Bytes JMP 8DE91BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 30F6 9926EAA7 5 Bytes JMP 8DE91316 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 4569 9926FF1A 5 Bytes JMP 8DE90F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMapFontFileFD + 119BE 99289A45 5 Bytes JMP 8DE91180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMapFontFileFD + 11A12 99289A99 5 Bytes JMP 8DE91326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 377F 992B0A7E 5 Bytes JMP 8DE91B64 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 60DE 992B33DD 5 Bytes JMP 8DE90E58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + 4D3F 992B9D2E 5 Bytes JMP 8DE90FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBlt + 2B42 992C41CC 5 Bytes JMP 8DE92014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStrokePath + 5FF 992C70B4 5 Bytes JMP 8DE90E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngNineGrid + 81C 992E54D5 5 Bytes JMP 8DE91D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngNineGrid + 6EC2 992EBB7B 5 Bytes JMP 8DE91BAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + B0F 992EF2EA 5 Bytes JMP 8DE91CA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!STROBJ_vEnumStart + 4728 992F6C09 5 Bytes JMP 8DE90EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + E80 993151A4 5 Bytes JMP 8DE910AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_bEnum + 248 9931AA22 5 Bytes JMP 8DE91008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 26D9 9931E55A 5 Bytes JMP 8DE91ECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLineTo + A0F 9933CA67 5 Bytes JMP 8DE9103E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLineTo + D229 99349281 5 Bytes JMP 8DE910E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text ntdll.dll!LdrLoadDll 770593A8 5 Bytes [E9, 4B, 6E, 0F, 89] {JMP 0xffffffff890f6e50} .text ntdll.dll!LdrUnloadDll 7706B740 5 Bytes [E9, B7, 4C, 0E, 89] {JMP 0xffffffff890e4cbc} ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\csrss.exe[616] KERNEL32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\wininit.exe[672] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000701F8 .text C:\Windows\system32\wininit.exe[672] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000703FC .text C:\Windows\system32\wininit.exe[672] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000903FC .text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00090600 .text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00091014 .text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00090804 .text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00090A08 .text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00090C0C .text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00090E10 .text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000901F8 .text C:\Windows\system32\wininit.exe[672] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 000A0600 .text C:\Windows\system32\wininit.exe[672] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 000A0804 .text C:\Windows\system32\wininit.exe[672] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 000A0A08 .text C:\Windows\system32\wininit.exe[672] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 000A01F8 .text C:\Windows\system32\wininit.exe[672] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 000A03FC .text C:\Windows\system32\csrss.exe[680] KERNEL32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[708] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Windows\System32\spoolsv.exe[708] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Windows\System32\spoolsv.exe[708] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[708] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\spoolsv.exe[708] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00070600 .text C:\Windows\System32\spoolsv.exe[708] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\spoolsv.exe[708] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\spoolsv.exe[708] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\spoolsv.exe[708] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00070C0C .text C:\Windows\System32\spoolsv.exe[708] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\spoolsv.exe[708] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\spoolsv.exe[708] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 000E0600 .text C:\Windows\System32\spoolsv.exe[708] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 000E0804 .text C:\Windows\System32\spoolsv.exe[708] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 000E0A08 .text C:\Windows\System32\spoolsv.exe[708] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 000E01F8 .text C:\Windows\System32\spoolsv.exe[708] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 000E03FC .text C:\Windows\system32\services.exe[716] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\services.exe[716] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Windows\system32\services.exe[716] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\services.exe[716] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\services.exe[716] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\services.exe[716] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\services.exe[716] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\services.exe[716] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\services.exe[716] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\services.exe[716] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\services.exe[716] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\services.exe[716] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00080600 .text C:\Windows\system32\services.exe[716] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00080804 .text C:\Windows\system32\services.exe[716] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\services.exe[716] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\services.exe[716] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\winlogon.exe[744] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000301F8 .text C:\Windows\system32\winlogon.exe[744] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000303FC .text C:\Windows\system32\winlogon.exe[744] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\winlogon.exe[744] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000503FC .text C:\Windows\system32\winlogon.exe[744] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00050600 .text C:\Windows\system32\winlogon.exe[744] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00051014 .text C:\Windows\system32\winlogon.exe[744] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00050804 .text C:\Windows\system32\winlogon.exe[744] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00050A08 .text C:\Windows\system32\winlogon.exe[744] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00050C0C .text C:\Windows\system32\winlogon.exe[744] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00050E10 .text C:\Windows\system32\winlogon.exe[744] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000501F8 .text C:\Windows\system32\winlogon.exe[744] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00060600 .text C:\Windows\system32\winlogon.exe[744] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00060804 .text C:\Windows\system32\winlogon.exe[744] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00060A08 .text C:\Windows\system32\winlogon.exe[744] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 000601F8 .text C:\Windows\system32\winlogon.exe[744] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 000603FC .text C:\Windows\system32\lsass.exe[768] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\lsass.exe[768] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Windows\system32\lsass.exe[768] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\lsass.exe[768] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00080600 .text C:\Windows\system32\lsass.exe[768] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00080804 .text C:\Windows\system32\lsass.exe[768] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\lsass.exe[768] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\lsass.exe[768] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\lsm.exe[776] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\lsm.exe[776] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Windows\system32\lsm.exe[776] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\lsm.exe[776] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\lsm.exe[776] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\lsm.exe[776] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\lsm.exe[776] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\lsm.exe[776] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\lsm.exe[776] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\lsm.exe[776] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\lsm.exe[776] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[948] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[948] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[948] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000803FC .text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00080600 .text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00081014 .text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00080804 .text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00080A08 .text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00080C0C .text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00080E10 .text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000801F8 .text C:\Windows\system32\svchost.exe[956] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[956] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[956] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 008C03FC .text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 008C0600 .text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 008C1014 .text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 008C0804 .text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 008C0A08 .text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 008C0C0C .text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 008C0E10 .text C:\Windows\system32\svchost.exe[956] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 008C01F8 .text C:\Windows\system32\svchost.exe[956] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00990600 .text C:\Windows\system32\svchost.exe[956] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00990804 .text C:\Windows\system32\svchost.exe[956] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00990A08 .text C:\Windows\system32\svchost.exe[956] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 009901F8 .text C:\Windows\system32\svchost.exe[956] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 009903FC .text C:\Windows\system32\svchost.exe[1020] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1020] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1020] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1020] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[1020] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[1020] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[1020] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[1020] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[1020] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[1020] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1020] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 001C0600 .text C:\Windows\system32\svchost.exe[1020] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 001C0804 .text C:\Windows\system32\svchost.exe[1020] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 001C0A08 .text C:\Windows\system32\svchost.exe[1020] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 001C01F8 .text C:\Windows\system32\svchost.exe[1020] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 001C03FC .text C:\Windows\System32\svchost.exe[1060] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[1060] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[1060] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 001703FC .text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00170600 .text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00171014 .text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00170804 .text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00170A08 .text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00170C0C .text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00170E10 .text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 001701F8 .text C:\Windows\System32\svchost.exe[1060] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 009A0600 .text C:\Windows\System32\svchost.exe[1060] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 009A0804 .text C:\Windows\System32\svchost.exe[1060] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 009A0A08 .text C:\Windows\System32\svchost.exe[1060] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 009A01F8 .text C:\Windows\System32\svchost.exe[1060] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 009A03FC .text C:\Windows\system32\taskeng.exe[1096] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskeng.exe[1096] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Windows\system32\taskeng.exe[1096] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\taskeng.exe[1096] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\taskeng.exe[1096] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 000C0600 .text C:\Windows\system32\taskeng.exe[1096] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 000C0804 .text C:\Windows\system32\taskeng.exe[1096] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 000C0A08 .text C:\Windows\system32\taskeng.exe[1096] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 000C01F8 .text C:\Windows\system32\taskeng.exe[1096] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 000C03FC .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1120] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1120] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1120] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1120] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000803FC .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1120] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00080600 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1120] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00081014 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1120] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00080804 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1120] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00080A08 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1120] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00080C0C .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1120] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00080E10 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1120] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000801F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1120] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00090600 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1120] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00090804 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1120] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00090A08 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1120] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 000901F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1120] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 000903FC .text C:\Windows\system32\Ati2evxx.exe[1148] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 001401F8 .text C:\Windows\system32\Ati2evxx.exe[1148] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 001403FC .text C:\Windows\system32\Ati2evxx.exe[1148] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\Ati2evxx.exe[1148] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00160600 .text C:\Windows\system32\Ati2evxx.exe[1148] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00160804 .text C:\Windows\system32\Ati2evxx.exe[1148] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00160A08 .text C:\Windows\system32\Ati2evxx.exe[1148] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 001601F8 .text C:\Windows\system32\Ati2evxx.exe[1148] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 001603FC .text C:\Windows\system32\Ati2evxx.exe[1148] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 001703FC .text C:\Windows\system32\Ati2evxx.exe[1148] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00170600 .text C:\Windows\system32\Ati2evxx.exe[1148] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00171014 .text C:\Windows\system32\Ati2evxx.exe[1148] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00170804 .text C:\Windows\system32\Ati2evxx.exe[1148] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00170A08 .text C:\Windows\system32\Ati2evxx.exe[1148] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00170C0C .text C:\Windows\system32\Ati2evxx.exe[1148] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00170E10 .text C:\Windows\system32\Ati2evxx.exe[1148] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 001701F8 .text C:\Windows\System32\svchost.exe[1172] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[1172] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[1172] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\System32\svchost.exe[1172] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[1172] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[1172] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[1172] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\svchost.exe[1172] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 001F0600 .text C:\Windows\System32\svchost.exe[1172] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 001F0804 .text C:\Windows\System32\svchost.exe[1172] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 001F0A08 .text C:\Windows\System32\svchost.exe[1172] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 001F01F8 .text C:\Windows\System32\svchost.exe[1172] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 001F03FC .text C:\Windows\System32\svchost.exe[1200] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[1200] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\svchost.exe[1200] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00C90600 .text C:\Windows\System32\svchost.exe[1200] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00C90804 .text C:\Windows\System32\svchost.exe[1200] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00C90A08 .text C:\Windows\System32\svchost.exe[1200] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 00C901F8 .text C:\Windows\System32\svchost.exe[1200] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 00C903FC .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1236] USER32.dll!SetWindowsHookExA 76846322 3 Bytes JMP 00100600 .text C:\Windows\system32\svchost.exe[1236] USER32.dll!SetWindowsHookExA + 4 76846326 1 Byte [89] .text C:\Windows\system32\svchost.exe[1236] USER32.dll!SetWindowsHookExW 768487AD 3 Bytes JMP 00100804 .text C:\Windows\system32\svchost.exe[1236] USER32.dll!SetWindowsHookExW + 4 768487B1 1 Byte [89] .text C:\Windows\system32\svchost.exe[1236] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00100A08 .text C:\Windows\system32\svchost.exe[1236] USER32.dll!SetWinEventHook 76849F3A 3 Bytes JMP 001001F8 .text C:\Windows\system32\svchost.exe[1236] USER32.dll!SetWinEventHook + 4 76849F3E 1 Byte [89] .text C:\Windows\system32\svchost.exe[1236] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 001003FC .text C:\Windows\system32\AUDIODG.EXE[1340] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1364] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1364] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1364] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1364] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000803FC .text C:\Windows\system32\svchost.exe[1364] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00080600 .text C:\Windows\system32\svchost.exe[1364] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00081014 .text C:\Windows\system32\svchost.exe[1364] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00080804 .text C:\Windows\system32\svchost.exe[1364] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00080A08 .text C:\Windows\system32\svchost.exe[1364] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00080C0C .text C:\Windows\system32\svchost.exe[1364] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00080E10 .text C:\Windows\system32\svchost.exe[1364] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000801F8 .text C:\Windows\system32\svchost.exe[1456] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1456] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1456] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1456] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00BF0600 .text C:\Windows\system32\svchost.exe[1456] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00BF0804 .text C:\Windows\system32\svchost.exe[1456] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00BF0A08 .text C:\Windows\system32\svchost.exe[1456] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 00BF01F8 .text C:\Windows\system32\svchost.exe[1456] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 00BF03FC .text C:\Windows\system32\wbem\unsecapp.exe[1520] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\wbem\unsecapp.exe[1520] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Windows\system32\wbem\unsecapp.exe[1520] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\wbem\unsecapp.exe[1520] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\wbem\unsecapp.exe[1520] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\wbem\unsecapp.exe[1520] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\wbem\unsecapp.exe[1520] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\wbem\unsecapp.exe[1520] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\wbem\unsecapp.exe[1520] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\wbem\unsecapp.exe[1520] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\wbem\unsecapp.exe[1520] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\wbem\unsecapp.exe[1520] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00080600 .text C:\Windows\system32\wbem\unsecapp.exe[1520] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00080804 .text C:\Windows\system32\wbem\unsecapp.exe[1520] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\wbem\unsecapp.exe[1520] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\wbem\unsecapp.exe[1520] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\Ati2evxx.exe[1540] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 001401F8 .text C:\Windows\system32\Ati2evxx.exe[1540] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 001403FC .text C:\Windows\system32\Ati2evxx.exe[1540] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\Ati2evxx.exe[1540] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00160600 .text C:\Windows\system32\Ati2evxx.exe[1540] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00160804 .text C:\Windows\system32\Ati2evxx.exe[1540] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00160A08 .text C:\Windows\system32\Ati2evxx.exe[1540] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 001601F8 .text C:\Windows\system32\Ati2evxx.exe[1540] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 001603FC .text C:\Windows\system32\Ati2evxx.exe[1540] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 001703FC .text C:\Windows\system32\Ati2evxx.exe[1540] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00170600 .text C:\Windows\system32\Ati2evxx.exe[1540] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00171014 .text C:\Windows\system32\Ati2evxx.exe[1540] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00170804 .text C:\Windows\system32\Ati2evxx.exe[1540] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00170A08 .text C:\Windows\system32\Ati2evxx.exe[1540] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00170C0C .text C:\Windows\system32\Ati2evxx.exe[1540] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00170E10 .text C:\Windows\system32\Ati2evxx.exe[1540] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1552] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 001401F8 .text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1552] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 001403FC .text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1552] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1552] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00160600 .text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1552] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00160804 .text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1552] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00160A08 .text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1552] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1552] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1552] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1552] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00170600 .text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1552] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00171014 .text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1552] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00170804 .text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1552] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00170A08 .text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1552] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00170C0C .text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1552] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00170E10 .text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1552] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 001701F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[1620] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[1620] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Program Files\Bonjour\mDNSResponder.exe[1620] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[1620] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000703FC .text C:\Program Files\Bonjour\mDNSResponder.exe[1620] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00070600 .text C:\Program Files\Bonjour\mDNSResponder.exe[1620] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00071014 .text C:\Program Files\Bonjour\mDNSResponder.exe[1620] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00070804 .text C:\Program Files\Bonjour\mDNSResponder.exe[1620] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00070A08 .text C:\Program Files\Bonjour\mDNSResponder.exe[1620] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00070C0C .text C:\Program Files\Bonjour\mDNSResponder.exe[1620] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00070E10 .text C:\Program Files\Bonjour\mDNSResponder.exe[1620] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000701F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[1620] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00080600 .text C:\Program Files\Bonjour\mDNSResponder.exe[1620] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00080804 .text C:\Program Files\Bonjour\mDNSResponder.exe[1620] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00080A08 .text C:\Program Files\Bonjour\mDNSResponder.exe[1620] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[1620] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\svchost.exe[1660] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1660] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1660] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1660] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1660] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[1660] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[1660] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[1660] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[1660] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[1660] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[1660] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1660] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 000B0600 .text C:\Windows\system32\svchost.exe[1660] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 000B0804 .text C:\Windows\system32\svchost.exe[1660] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 000B0A08 .text C:\Windows\system32\svchost.exe[1660] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 000B01F8 .text C:\Windows\system32\svchost.exe[1660] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 000B03FC .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1780] kernel32.dll!SetUnhandledExceptionFilter 7593A8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1780] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\CTsvcCDA.exe[2076] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 001401F8 .text C:\Windows\system32\CTsvcCDA.exe[2076] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 001403FC .text C:\Windows\system32\CTsvcCDA.exe[2076] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\CTsvcCDA.exe[2076] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00160600 .text C:\Windows\system32\CTsvcCDA.exe[2076] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00160804 .text C:\Windows\system32\CTsvcCDA.exe[2076] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00160A08 .text C:\Windows\system32\CTsvcCDA.exe[2076] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 001601F8 .text C:\Windows\system32\CTsvcCDA.exe[2076] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 001603FC .text C:\Windows\system32\CTsvcCDA.exe[2076] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 001703FC .text C:\Windows\system32\CTsvcCDA.exe[2076] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00170600 .text C:\Windows\system32\CTsvcCDA.exe[2076] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00171014 .text C:\Windows\system32\CTsvcCDA.exe[2076] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00170804 .text C:\Windows\system32\CTsvcCDA.exe[2076] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00170A08 .text C:\Windows\system32\CTsvcCDA.exe[2076] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00170C0C .text C:\Windows\system32\CTsvcCDA.exe[2076] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00170E10 .text C:\Windows\system32\CTsvcCDA.exe[2076] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 001701F8 .text C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe[2216] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe[2216] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe[2216] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe[2216] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 001703FC .text C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe[2216] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00170600 .text C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe[2216] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00171014 .text C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe[2216] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00170804 .text C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe[2216] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00170A08 .text C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe[2216] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00170C0C .text C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe[2216] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00170E10 .text C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe[2216] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 001701F8 .text C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe[2216] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00180600 .text C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe[2216] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00180804 .text C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe[2216] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00180A08 .text C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe[2216] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe[2216] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 001803FC .text C:\Windows\system32\svchost.exe[2264] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2264] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2264] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[2264] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00130600 .text C:\Windows\system32\svchost.exe[2264] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00130804 .text C:\Windows\system32\svchost.exe[2264] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00130A08 .text C:\Windows\system32\svchost.exe[2264] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 001301F8 .text C:\Windows\system32\svchost.exe[2264] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 001303FC .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2416] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2416] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2416] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2416] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000703FC .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2416] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00070600 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2416] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00071014 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2416] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00070804 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2416] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00070A08 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2416] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00070C0C .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2416] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00070E10 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2416] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000701F8 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2416] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 000C0600 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2416] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 000C0804 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2416] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 000C0A08 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2416] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 000C01F8 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2416] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 000C03FC .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2456] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 001501F8 .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2456] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 001503FC .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2456] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2456] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00170600 .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2456] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00170804 .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2456] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00170A08 .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2456] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2456] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 001703FC .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2456] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 001803FC .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2456] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00180600 .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2456] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00181014 .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2456] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00180804 .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2456] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00180A08 .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2456] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00180C0C .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2456] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00180E10 .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2456] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 001801F8 .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2472] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 001501F8 .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2472] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 001503FC .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2472] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2472] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00180600 .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2472] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00180804 .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2472] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00180A08 .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2472] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 001801F8 .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2472] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 001803FC .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2472] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 001903FC .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2472] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00190600 .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2472] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00191014 .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2472] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00190804 .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2472] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00190A08 .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2472] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00190C0C .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2472] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00190E10 .text C:\Program Files\TalkTalk\bin\sprtsvc.exe[2472] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 001901F8 .text C:\Windows\system32\svchost.exe[2492] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2492] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2492] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\svchost.exe[2492] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2492] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2492] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2492] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2492] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2492] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2492] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2492] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000701F8 .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2580] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 001501F8 .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2580] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2580] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2580] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2580] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00170600 .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2580] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00171014 .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2580] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00170804 .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2580] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00170A08 .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2580] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00170C0C .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2580] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00170E10 .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2580] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2580] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2580] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2580] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2580] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe[2580] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 001803FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2648] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2648] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2648] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2648] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000803FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2648] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00080600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2648] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00081014 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2648] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00080804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2648] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00080A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2648] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00080C0C .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2648] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00080E10 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2648] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000801F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2648] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00090600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2648] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00090804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2648] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00090A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2648] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 000901F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2648] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 000903FC .text C:\Windows\system32\wbem\unsecapp.exe[2676] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 001501F8 .text C:\Windows\system32\wbem\unsecapp.exe[2676] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 001503FC .text C:\Windows\system32\wbem\unsecapp.exe[2676] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\wbem\unsecapp.exe[2676] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 001703FC .text C:\Windows\system32\wbem\unsecapp.exe[2676] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00170600 .text C:\Windows\system32\wbem\unsecapp.exe[2676] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00171014 .text C:\Windows\system32\wbem\unsecapp.exe[2676] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00170804 .text C:\Windows\system32\wbem\unsecapp.exe[2676] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00170A08 .text C:\Windows\system32\wbem\unsecapp.exe[2676] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00170C0C .text C:\Windows\system32\wbem\unsecapp.exe[2676] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00170E10 .text C:\Windows\system32\wbem\unsecapp.exe[2676] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 001701F8 .text C:\Windows\system32\wbem\unsecapp.exe[2676] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00190600 .text C:\Windows\system32\wbem\unsecapp.exe[2676] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00190804 .text C:\Windows\system32\wbem\unsecapp.exe[2676] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00190A08 .text C:\Windows\system32\wbem\unsecapp.exe[2676] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 001901F8 .text C:\Windows\system32\wbem\unsecapp.exe[2676] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 001903FC .text C:\Windows\system32\SearchIndexer.exe[2704] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\SearchIndexer.exe[2704] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Windows\system32\SearchIndexer.exe[2704] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[2704] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\SearchIndexer.exe[2704] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\SearchIndexer.exe[2704] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\SearchIndexer.exe[2704] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\SearchIndexer.exe[2704] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\SearchIndexer.exe[2704] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\SearchIndexer.exe[2704] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\SearchIndexer.exe[2704] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\SearchIndexer.exe[2704] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00080600 .text C:\Windows\system32\SearchIndexer.exe[2704] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00080804 .text C:\Windows\system32\SearchIndexer.exe[2704] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\SearchIndexer.exe[2704] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\SearchIndexer.exe[2704] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 000803FC .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2760] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\WUDFHost.exe[2884] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\WUDFHost.exe[2884] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Windows\system32\WUDFHost.exe[2884] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\WUDFHost.exe[2884] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\WUDFHost.exe[2884] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\WUDFHost.exe[2884] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\WUDFHost.exe[2884] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\WUDFHost.exe[2884] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\WUDFHost.exe[2884] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\WUDFHost.exe[2884] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\WUDFHost.exe[2884] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\WUDFHost.exe[2884] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 000C0600 .text C:\Windows\system32\WUDFHost.exe[2884] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 000C0804 .text C:\Windows\system32\WUDFHost.exe[2884] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 000C0A08 .text C:\Windows\system32\WUDFHost.exe[2884] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 000C01F8 .text C:\Windows\system32\WUDFHost.exe[2884] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 000C03FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2892] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2892] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2892] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2892] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000B03FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2892] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 000B0600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2892] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 000B1014 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2892] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 000B0804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2892] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 000B0A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2892] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 000B0C0C .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2892] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 000B0E10 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2892] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000B01F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2892] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 000C0600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2892] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 000C0804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2892] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 000C0A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2892] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 000C01F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2892] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 000C03FC .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2904] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 001501F8 .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2904] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 001503FC .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2904] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2904] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00170600 .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2904] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00170804 .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2904] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00170A08 .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2904] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2904] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 001703FC .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2904] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 001803FC .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2904] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00180600 .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2904] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00181014 .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2904] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00180804 .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2904] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00180A08 .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2904] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00180C0C .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2904] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00180E10 .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2904] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 001801F8 .text C:\Windows\system32\taskeng.exe[3060] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskeng.exe[3060] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Windows\system32\taskeng.exe[3060] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\taskeng.exe[3060] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[3060] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[3060] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[3060] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[3060] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[3060] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[3060] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[3060] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[3060] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[3060] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[3060] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[3060] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[3060] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 000803FC .text C:\Users\aneirin\Desktop\gmer.exe[3092] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 001501F8 .text C:\Users\aneirin\Desktop\gmer.exe[3092] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 001503FC .text C:\Users\aneirin\Desktop\gmer.exe[3092] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Users\aneirin\Desktop\gmer.exe[3092] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 001903FC .text C:\Users\aneirin\Desktop\gmer.exe[3092] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00190600 .text C:\Users\aneirin\Desktop\gmer.exe[3092] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00191014 .text C:\Users\aneirin\Desktop\gmer.exe[3092] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00190804 .text C:\Users\aneirin\Desktop\gmer.exe[3092] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00190A08 .text C:\Users\aneirin\Desktop\gmer.exe[3092] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00190C0C .text C:\Users\aneirin\Desktop\gmer.exe[3092] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00190E10 .text C:\Users\aneirin\Desktop\gmer.exe[3092] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 001901F8 .text C:\Users\aneirin\Desktop\gmer.exe[3092] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 001A0600 .text C:\Users\aneirin\Desktop\gmer.exe[3092] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 001A0804 .text C:\Users\aneirin\Desktop\gmer.exe[3092] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 001A0A08 .text C:\Users\aneirin\Desktop\gmer.exe[3092] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 001A01F8 .text C:\Users\aneirin\Desktop\gmer.exe[3092] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 001A03FC .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3420] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 001501F8 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3420] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 001503FC .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3420] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3420] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 001703FC .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3420] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00170600 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3420] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00171014 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3420] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00170804 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3420] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00170A08 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3420] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00170C0C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3420] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00170E10 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3420] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 001701F8 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3420] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00350600 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3420] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00350804 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3420] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00350A08 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3420] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 003501F8 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3420] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 003503FC .text C:\Program Files\Giraffic\Veoh_Giraffic.exe[3500] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 001501F8 .text C:\Program Files\Giraffic\Veoh_Giraffic.exe[3500] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 001503FC .text C:\Program Files\Giraffic\Veoh_Giraffic.exe[3500] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Program Files\Giraffic\Veoh_Giraffic.exe[3500] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 001703FC .text C:\Program Files\Giraffic\Veoh_Giraffic.exe[3500] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00170600 .text C:\Program Files\Giraffic\Veoh_Giraffic.exe[3500] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00171014 .text C:\Program Files\Giraffic\Veoh_Giraffic.exe[3500] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00170804 .text C:\Program Files\Giraffic\Veoh_Giraffic.exe[3500] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00170A08 .text C:\Program Files\Giraffic\Veoh_Giraffic.exe[3500] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00170C0C .text C:\Program Files\Giraffic\Veoh_Giraffic.exe[3500] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00170E10 .text C:\Program Files\Giraffic\Veoh_Giraffic.exe[3500] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 001701F8 .text C:\Program Files\Giraffic\Veoh_Giraffic.exe[3500] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00180600 .text C:\Program Files\Giraffic\Veoh_Giraffic.exe[3500] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00180804 .text C:\Program Files\Giraffic\Veoh_Giraffic.exe[3500] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00180A08 .text C:\Program Files\Giraffic\Veoh_Giraffic.exe[3500] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Giraffic\Veoh_Giraffic.exe[3500] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 001803FC .text C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe[3628] ntdll.dll!LdrLoadDll 770593A8 3 Bytes JMP 000601F8 .text C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe[3628] ntdll.dll!LdrLoadDll + 4 770593AC 1 Byte [89] .text C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe[3628] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000603FC .text C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe[3628] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe[3628] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000703FC .text C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe[3628] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00070600 .text C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe[3628] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00071014 .text C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe[3628] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00070804 .text C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe[3628] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00070A08 .text C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe[3628] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00070C0C .text C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe[3628] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00070E10 .text C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe[3628] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000701F8 .text C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe[3628] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00080600 .text C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe[3628] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00080804 .text C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe[3628] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00080A08 .text C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe[3628] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe[3628] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\wbem\wmiprvse.exe[3760] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3760] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Windows\system32\wbem\wmiprvse.exe[3760] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3760] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\wbem\wmiprvse.exe[3760] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\wbem\wmiprvse.exe[3760] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\wbem\wmiprvse.exe[3760] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\wbem\wmiprvse.exe[3760] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\wbem\wmiprvse.exe[3760] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\wbem\wmiprvse.exe[3760] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\wbem\wmiprvse.exe[3760] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3760] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00080600 .text C:\Windows\system32\wbem\wmiprvse.exe[3760] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00080804 .text C:\Windows\system32\wbem\wmiprvse.exe[3760] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\wbem\wmiprvse.exe[3760] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3760] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 000803FC .text C:\Windows\System32\alg.exe[3784] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Windows\System32\alg.exe[3784] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Windows\System32\alg.exe[3784] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\System32\alg.exe[3784] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\alg.exe[3784] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00070600 .text C:\Windows\System32\alg.exe[3784] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\alg.exe[3784] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\alg.exe[3784] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\alg.exe[3784] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00070C0C .text C:\Windows\System32\alg.exe[3784] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\alg.exe[3784] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\alg.exe[3784] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00080600 .text C:\Windows\System32\alg.exe[3784] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00080804 .text C:\Windows\System32\alg.exe[3784] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00080A08 .text C:\Windows\System32\alg.exe[3784] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 000801F8 .text C:\Windows\System32\alg.exe[3784] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 000803FC .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3896] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3896] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3896] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3896] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000703FC .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3896] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00070600 .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3896] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00071014 .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3896] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00070804 .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3896] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00070A08 .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3896] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00070C0C .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3896] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00070E10 .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3896] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000701F8 .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3896] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00080600 .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3896] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00080804 .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3896] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00080A08 .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3896] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3896] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\taskeng.exe[4388] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskeng.exe[4388] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Windows\system32\taskeng.exe[4388] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\taskeng.exe[4388] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[4388] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[4388] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[4388] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[4388] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[4388] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[4388] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[4388] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[4388] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[4388] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[4388] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[4388] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[4388] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 000803FC .text C:\Windows\Explorer.exe[4392] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Windows\Explorer.exe[4392] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Windows\Explorer.exe[4392] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\Explorer.exe[4392] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000703FC .text C:\Windows\Explorer.exe[4392] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00070600 .text C:\Windows\Explorer.exe[4392] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00071014 .text C:\Windows\Explorer.exe[4392] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00070804 .text C:\Windows\Explorer.exe[4392] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00070A08 .text C:\Windows\Explorer.exe[4392] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00070C0C .text C:\Windows\Explorer.exe[4392] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00070E10 .text C:\Windows\Explorer.exe[4392] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000701F8 .text C:\Windows\Explorer.exe[4392] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00080600 .text C:\Windows\Explorer.exe[4392] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00080804 .text C:\Windows\Explorer.exe[4392] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00080A08 .text C:\Windows\Explorer.exe[4392] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 000801F8 .text C:\Windows\Explorer.exe[4392] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\svchost.exe[4416] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[4416] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[4416] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\svchost.exe[4416] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[4416] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[4416] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[4416] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[4416] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[4416] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[4416] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[4416] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000701F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4504] KERNEL32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[4700] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 001501F8 .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[4700] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 001503FC .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[4700] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[4700] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 001803FC .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[4700] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00180600 .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[4700] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00181014 .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[4700] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00180804 .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[4700] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00180A08 .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[4700] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00180C0C .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[4700] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00180E10 .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[4700] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 001801F8 .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[4700] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00190600 .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[4700] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00190804 .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[4700] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00190A08 .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[4700] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 001901F8 .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[4700] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 001903FC .text C:\Program Files\iPod\bin\iPodService.exe[4724] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Program Files\iPod\bin\iPodService.exe[4724] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Program Files\iPod\bin\iPodService.exe[4724] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Program Files\iPod\bin\iPodService.exe[4724] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000703FC .text C:\Program Files\iPod\bin\iPodService.exe[4724] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00070600 .text C:\Program Files\iPod\bin\iPodService.exe[4724] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00071014 .text C:\Program Files\iPod\bin\iPodService.exe[4724] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00070804 .text C:\Program Files\iPod\bin\iPodService.exe[4724] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00070A08 .text C:\Program Files\iPod\bin\iPodService.exe[4724] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00070C0C .text C:\Program Files\iPod\bin\iPodService.exe[4724] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00070E10 .text C:\Program Files\iPod\bin\iPodService.exe[4724] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000701F8 .text C:\Program Files\iPod\bin\iPodService.exe[4724] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00080600 .text C:\Program Files\iPod\bin\iPodService.exe[4724] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00080804 .text C:\Program Files\iPod\bin\iPodService.exe[4724] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00080A08 .text C:\Program Files\iPod\bin\iPodService.exe[4724] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 000801F8 .text C:\Program Files\iPod\bin\iPodService.exe[4724] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 000803FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5300] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000401F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5300] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000403FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5300] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5300] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000603FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5300] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00060600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5300] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00061014 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5300] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00060804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5300] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00060A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5300] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00060C0C .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5300] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00060E10 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5300] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5300] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00070600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5300] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00070804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5300] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00070A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5300] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5300] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 000703FC .text C:\Windows\system32\Dwm.exe[5552] ntdll.dll!LdrLoadDll 770593A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\Dwm.exe[5552] ntdll.dll!LdrUnloadDll 7706B740 5 Bytes JMP 000503FC .text C:\Windows\system32\Dwm.exe[5552] kernel32.dll!GetBinaryTypeW + 70 75962467 1 Byte [62] .text C:\Windows\system32\Dwm.exe[5552] ADVAPI32.dll!CreateServiceW 75C89EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\Dwm.exe[5552] ADVAPI32.dll!DeleteService 75C8A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\Dwm.exe[5552] ADVAPI32.dll!SetServiceObjectSecurity 75CC6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\Dwm.exe[5552] ADVAPI32.dll!ChangeServiceConfigA 75CC6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\Dwm.exe[5552] ADVAPI32.dll!ChangeServiceConfigW 75CC6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\Dwm.exe[5552] ADVAPI32.dll!ChangeServiceConfig2A 75CC7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\Dwm.exe[5552] ADVAPI32.dll!ChangeServiceConfig2W 75CC71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\Dwm.exe[5552] ADVAPI32.dll!CreateServiceA 75CC72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\Dwm.exe[5552] USER32.dll!SetWindowsHookExA 76846322 5 Bytes JMP 00080600 .text C:\Windows\system32\Dwm.exe[5552] USER32.dll!SetWindowsHookExW 768487AD 5 Bytes JMP 00080804 .text C:\Windows\system32\Dwm.exe[5552] USER32.dll!UnhookWindowsHookEx 768498DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\Dwm.exe[5552] USER32.dll!SetWinEventHook 76849F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\Dwm.exe[5552] USER32.dll!UnhookWinEvent 7684C06F 5 Bytes JMP 000803FC ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) Device \FileSystem\Ntfs \Ntfs 8621F1F8 Device \FileSystem\fastfat \FatCdrom 8E9B61F8 Device \Driver\volmgr \Device\VolMgrControl 8621A1F8 Device \Driver\usbohci \Device\USBPDO-0 876461F8 Device \Driver\usbehci \Device\USBPDO-1 876771F8 Device \Driver\nvstor32 \Device\00000060 8621E1F8 Device \Driver\PCI_PNP5034 \Device\00000055 sphp.sys AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\sptd \Device\2132345039 sphp.sys Device \Driver\volmgr \Device\HarddiskVolume1 8621A1F8 Device \Driver\volmgr \Device\HarddiskVolume2 8621A1F8 Device \Driver\cdrom \Device\CdRom0 8859D1F8 Device \Driver\volmgr \Device\HarddiskVolume3 8621A1F8 Device \Driver\cdrom \Device\CdRom1 8859D1F8 Device \Driver\atapi \Device\Ide\IdePort0 8621C1F8 Device \Driver\atapi \Device\Ide\IdePort1 8621C1F8 Device \Driver\volmgr \Device\HarddiskVolume4 8621A1F8 Device \Driver\USBSTOR \Device\00000067 886081F8 Device \Driver\volmgr \Device\HarddiskVolume5 8621A1F8 Device \Driver\USBSTOR \Device\00000068 886081F8 Device \Driver\netbt \Device\NetBT_Tcpip_{71EA444E-A7E6-4A96-B026-67FCE90D42AA} 886731F8 Device \Driver\volmgr \Device\HarddiskVolume6 8621A1F8 Device \Driver\USBSTOR \Device\00000069 886081F8 Device \Driver\volmgr \Device\HarddiskVolume7 8621A1F8 Device \Driver\netbt \Device\NetBt_Wins_Export 886731F8 Device \Driver\Smb \Device\NetbiosSmb 885B9500 Device \Driver\nvstor32 \Device\RaidPort0 8621E1F8 Device \Driver\netbt \Device\NetBT_Tcpip_{001274D2-44D2-4A0F-BEE9-3A6A64394BA3} 886731F8 AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\iScsiPrt \Device\RaidPort1 876C21F8 Device \Driver\USBSTOR \Device\0000006a 886081F8 Device \Driver\USBSTOR \Device\0000006b 886081F8 Device \Driver\usbohci \Device\USBFDO-0 876461F8 Device \Driver\usbehci \Device\USBFDO-1 876771F8 Device \Driver\VClone \Device\Scsi\VClone1Port5Path0Target0Lun0 877511F8 Device \Driver\VClone \Device\Scsi\VClone1 877511F8 Device \Driver\adnyt08u \Device\Scsi\adnyt08u1Port6Path0Target0Lun0 876B11F8 Device \Driver\adnyt08u \Device\Scsi\adnyt08u1 876B11F8 Device \FileSystem\fastfat \Fat 8E9B61F8 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\cdfs \Cdfs 9FAD31F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF1 0x0B 0x6B 0x57 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1A 0xF6 0xFF 0xF0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF9 0xD6 0x7D 0xE5 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF1 0x0B 0x6B 0x57 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1A 0xF6 0xFF 0xF0 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x94 0x19 0x0B 0xB8 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF1 0x0B 0x6B 0x57 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1A 0xF6 0xFF 0xF0 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x94 0x19 0x0B 0xB8 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF1 0x0B 0x6B 0x57 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1A 0xF6 0xFF 0xF0 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x94 0x19 0x0B 0xB8 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF1 0x0B 0x6B 0x57 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1A 0xF6 0xFF 0xF0 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x94 0x19 0x0B 0xB8 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF1 0x0B 0x6B 0x57 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1A 0xF6 0xFF 0xF0 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x94 0x19 0x0B 0xB8 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF1 0x0B 0x6B 0x57 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1A 0xF6 0xFF 0xF0 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x94 0x19 0x0B 0xB8 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF1 0x0B 0x6B 0x57 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1A 0xF6 0xFF 0xF0 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x94 0x19 0x0B 0xB8 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF1 0x0B 0x6B 0x57 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1A 0xF6 0xFF 0xF0 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x94 0x19 0x0B 0xB8 ... Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF1 0x0B 0x6B 0x57 ... Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1A 0xF6 0xFF 0xF0 ... Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF9 0xD6 0x7D 0xE5 ... ---- EOF - GMER 1.0.15 ----