Jack421

Member
  • Content Count

    25
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Jack421

  • Rank
    Member
  1. Here is the new Combofix Log! Same problem still present!
  2. I thought you also wanted the Emisoft logs my Mistake! That log file was made after I made the fix!
  3. Here are requested log files! Now problem only occurs with desktop shortcuts!
  4. I already supplied the log files here they are again! Oh And Emisoft runs clean log file!
  5. I am having trouble running programs as an administrator from the side menu! What might be the problem?
  6. I noticed a Billeo program from hijack this log file in my computer that seems out of place, should I delete it or what should I do with this problem? I am also doing a general malware check up on my computer!
  7. Seems to be working now! Now new log files I cleared the log then looked to see if new events occurred phone worked then no new logs events were created
  8. Yes I did the blocked event is below! Here is the online Armour History it started acting up again! I am going to now try it without online armour active and see if that changes things! Type,Date/Time,Action,Description Program Guard: kernel event,3/21/2011 8:54:26 PM,None,"OADriver: OB_OPERATION_HANDLE_CREATE, 4288 -> 2976, Mask: 1F1FFF -0 1F1414" Program Guard: kernel event,3/21/2011 8:53:16 PM,None,"OADriver: SendMessage, Msg: 49644/c1ec 4328 -> 2976, Deny (protected)" Program Guard: kernel event,3/21/2011 8:50:55 PM,None,"OADriver: OB_OPERATION_HANDLE_CREATE, 4288 -> 2976, Mask: 1F1FFF -0 1F1414"
  9. Please help me configure the firewall problem with I call!
  10. There you have the requested logs of OTL, Extra and scan of Emisoft as well as Gmer!
  11. Found this while running Gmer! ---- Processes - GMER 1.0.15 ---- Process bash.exe (*** hidden *** ) GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2011-03-18 15:11:16 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 Hitachi_HTS542516K9SA00 rev.BBCOC32P Running: gmer.exe; Driver: C:\Users\Megatron\AppData\Local\Temp\fflyqkow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x94AF29CA] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAllocateVirtualMemory [0x956E7328] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAlpcConnectPort [0x956E5A8C] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAlpcCreatePort [0x956E555E] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAssignProcessToJobObject [0x956E6824] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwConnectPort [0x956E564C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x94AF4EAC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x94AF4F04] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreateFile [0x956EC1F8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x94AF501A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x94AF4E02] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreatePort [0x956E546A] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreateSection [0x956E34F2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x94AF4E56] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreateThread [0x956E4634] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x94AF4FC8] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwDebugActiveProcess [0x956E4D22] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x94AF29EE] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwDuplicateObject [0x956E532C] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwLoadDriver [0x956E624C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x94AF2A12] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x94AF5412] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x94AF34AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x94AF4EDC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x94AF4F2C] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwOpenFile [0x956EC554] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x94AF5044] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x94AF4E2E] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwOpenSection [0x956E37B4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x94AF4E84] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwOpenThread [0x956E48B0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x94AF4FF2] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwProtectVirtualMemory [0x956E65D6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x94AF3370] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwQueueApcThread [0x956E6940] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwRequestPort [0x956E5CB0] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwRequestWaitReplyPort [0x956E5F14] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwRestoreKey [0x956EBFF0] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwResumeThread [0x956E50CE] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSecureConnectPort [0x956E586E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x94AF2A36] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x94AF2A5A] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSetContextThread [0x956E4BCC] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSetSystemInformation [0x956E6FDC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x94AF294E] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwShutdownSystem [0x956E6186] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSuspendProcess [0x956E51FE] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSuspendThread [0x956E4F7A] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSystemDebugControl [0x956E4E40] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwTerminateProcess [0x956E4472] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwTerminateThread [0x956E4A66] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwUnloadDriver [0x956E6414] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x94AF2A7E] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwWriteVirtualMemory [0x956E6700] SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreateThreadEx [0x956E4768] INT 0x61 ? 945BECD0 INT 0x72 ? 945BEA50 Code 8D1AABFC ZwTraceEvent ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!NtTraceEvent 82240326 5 Bytes JMP 8D1AAC00 .text ntkrnlpa.exe!KeSetEvent + 10D 822C1890 4 Bytes [CA, 29, AF, 94] {RETF 0xaf29; XCHG ESP, EAX} .text ntkrnlpa.exe!KeSetEvent + 131 822C18B4 4 Bytes [28, 73, 6E, 95] {SUB [EBX+0x6e], DH; XCHG EBP, EAX} .text ntkrnlpa.exe!KeSetEvent + 13D 822C18C0 8 Bytes [8C, 5A, 6E, 95, 5E, 55, 6E, ...] {MOV WORD [EDX+0x6e], DS; XCHG EBP, EAX; POP ESI; PUSH EBP; OUTSB ; XCHG EBP, EAX} .text ntkrnlpa.exe!KeSetEvent + 191 822C1914 4 Bytes [24, 68, 6E, 95] {AND AL, 0x68; OUTSB ; XCHG EBP, EAX} .text ntkrnlpa.exe!KeSetEvent + 1C1 822C1944 4 Bytes [4C, 56, 6E, 95] {DEC ESP; PUSH ESI; OUTSB ; XCHG EBP, EAX} .text ... .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8D60F340, 0x3ED9C7, 0xE8000020] .text ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00150030 .text ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0015006C .text ntdll.dll!LdrGetProcedureAddressEx 774954D0 6 Bytes JMP 71610F5A .text ntdll.dll!LdrGetProcedureAddress 774957A0 6 Bytes JMP 71640F5A .text ntdll.dll!NtCreateSymbolicLinkObject 774B4334 3 Bytes [FF, 25, 1E] .text ntdll.dll!NtCreateSymbolicLinkObject + 4 774B4338 2 Bytes [6F, 71] .text ntdll.dll!NtOpenFile 774B4A04 3 Bytes [FF, 25, 1E] .text ntdll.dll!NtOpenFile + 4 774B4A08 2 Bytes [6C, 71] ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\svchost.exe[556] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[556] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[556] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\svchost.exe[556] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\svchost.exe[556] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\svchost.exe[556] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\svchost.exe[556] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00070120 .text C:\Windows\system32\svchost.exe[556] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0007015C .text C:\Windows\system32\svchost.exe[556] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00070198 .text C:\Windows\system32\svchost.exe[556] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 00070030 .text C:\Windows\system32\wininit.exe[632] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00030030 .text C:\Windows\system32\wininit.exe[632] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0003006C .text C:\Windows\system32\wininit.exe[632] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 0005006C .text C:\Windows\system32\wininit.exe[632] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 000500A8 .text C:\Windows\system32\wininit.exe[632] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 000501D4 .text C:\Windows\system32\wininit.exe[632] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 000500E4 .text C:\Windows\system32\wininit.exe[632] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00050120 .text C:\Windows\system32\wininit.exe[632] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0005015C .text C:\Windows\system32\wininit.exe[632] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00050198 .text C:\Windows\system32\wininit.exe[632] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 00050030 .text C:\Windows\system32\wininit.exe[632] USER32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 000600A8 .text C:\Windows\system32\wininit.exe[632] USER32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 000600E4 .text C:\Windows\system32\wininit.exe[632] USER32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 00060120 .text C:\Windows\system32\wininit.exe[632] USER32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 00060030 .text C:\Windows\system32\wininit.exe[632] USER32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 0006006C .text C:\Windows\system32\services.exe[684] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00050030 .text C:\Windows\system32\services.exe[684] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0005006C .text C:\Windows\system32\services.exe[684] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\services.exe[684] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\services.exe[684] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\services.exe[684] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\services.exe[684] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00070120 .text C:\Windows\system32\services.exe[684] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0007015C .text C:\Windows\system32\services.exe[684] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00070198 .text C:\Windows\system32\services.exe[684] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 00070030 .text C:\Windows\system32\services.exe[684] USER32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 000800A8 .text C:\Windows\system32\services.exe[684] USER32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 000800E4 .text C:\Windows\system32\services.exe[684] USER32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 00080120 .text C:\Windows\system32\services.exe[684] USER32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 00080030 .text C:\Windows\system32\services.exe[684] USER32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 0008006C .text C:\Windows\system32\lsass.exe[724] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00050030 .text C:\Windows\system32\lsass.exe[724] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0005006C .text C:\Windows\system32\lsass.exe[724] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 0008006C .text C:\Windows\system32\lsass.exe[724] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 000800A8 .text C:\Windows\system32\lsass.exe[724] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 000801D4 .text C:\Windows\system32\lsass.exe[724] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 000800E4 .text C:\Windows\system32\lsass.exe[724] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00080120 .text C:\Windows\system32\lsass.exe[724] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0008015C .text C:\Windows\system32\lsass.exe[724] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00080198 .text C:\Windows\system32\lsass.exe[724] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 00080030 .text C:\Windows\system32\lsass.exe[724] USER32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 000D00A8 .text C:\Windows\system32\lsass.exe[724] USER32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 000D00E4 .text C:\Windows\system32\lsass.exe[724] USER32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 000D0120 .text C:\Windows\system32\lsass.exe[724] USER32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 000D0030 .text C:\Windows\system32\lsass.exe[724] USER32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 000D006C .text C:\Windows\system32\lsm.exe[732] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00050030 .text C:\Windows\system32\lsm.exe[732] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0005006C .text C:\Windows\system32\lsm.exe[732] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 0017006C .text C:\Windows\system32\lsm.exe[732] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 001700A8 .text C:\Windows\system32\lsm.exe[732] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 3 Bytes JMP 001701D4 .text C:\Windows\system32\lsm.exe[732] ADVAPI32.dll!SetServiceObjectSecurity + 4 765E6CDD 1 Byte [89] .text C:\Windows\system32\lsm.exe[732] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 001700E4 .text C:\Windows\system32\lsm.exe[732] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00170120 .text C:\Windows\system32\lsm.exe[732] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0017015C .text C:\Windows\system32\lsm.exe[732] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00170198 .text C:\Windows\system32\lsm.exe[732] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 00170030 .text C:\Windows\system32\winlogon.exe[768] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00030030 .text C:\Windows\system32\winlogon.exe[768] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0003006C .text C:\Windows\system32\winlogon.exe[768] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 0005006C .text C:\Windows\system32\winlogon.exe[768] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 000500A8 .text C:\Windows\system32\winlogon.exe[768] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 000501D4 .text C:\Windows\system32\winlogon.exe[768] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 000500E4 .text C:\Windows\system32\winlogon.exe[768] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00050120 .text C:\Windows\system32\winlogon.exe[768] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0005015C .text C:\Windows\system32\winlogon.exe[768] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00050198 .text C:\Windows\system32\winlogon.exe[768] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 00050030 .text C:\Windows\system32\winlogon.exe[768] USER32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 000600A8 .text C:\Windows\system32\winlogon.exe[768] USER32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 000600E4 .text C:\Windows\system32\winlogon.exe[768] USER32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 00060120 .text C:\Windows\system32\winlogon.exe[768] USER32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 00060030 .text C:\Windows\system32\winlogon.exe[768] USER32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 0006006C .text C:\Program Files\Secunia\PSI\PSIA.exe[804] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00050030 .text C:\Program Files\Secunia\PSI\PSIA.exe[804] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0005006C .text C:\Program Files\Secunia\PSI\PSIA.exe[804] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 0007006C .text C:\Program Files\Secunia\PSI\PSIA.exe[804] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 000700A8 .text C:\Program Files\Secunia\PSI\PSIA.exe[804] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 000701D4 .text C:\Program Files\Secunia\PSI\PSIA.exe[804] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 000700E4 .text C:\Program Files\Secunia\PSI\PSIA.exe[804] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00070120 .text C:\Program Files\Secunia\PSI\PSIA.exe[804] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0007015C .text C:\Program Files\Secunia\PSI\PSIA.exe[804] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00070198 .text C:\Program Files\Secunia\PSI\PSIA.exe[804] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 00070030 .text C:\Program Files\Secunia\PSI\PSIA.exe[804] USER32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 000800A8 .text C:\Program Files\Secunia\PSI\PSIA.exe[804] USER32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 000800E4 .text C:\Program Files\Secunia\PSI\PSIA.exe[804] USER32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 00080120 .text C:\Program Files\Secunia\PSI\PSIA.exe[804] USER32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 00080030 .text C:\Program Files\Secunia\PSI\PSIA.exe[804] USER32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 0008006C .text C:\Windows\system32\svchost.exe[912] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[912] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00070120 .text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0007015C .text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00070198 .text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 00070030 .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[960] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00140030 .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[960] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0014006C .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[960] USER32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 001600A8 .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[960] USER32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 001600E4 .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[960] USER32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 00160120 .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[960] USER32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 00160030 .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[960] USER32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 0016006C .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[960] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 0017006C .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[960] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 001700A8 .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[960] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 3 Bytes JMP 001701D4 .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[960] ADVAPI32.dll!SetServiceObjectSecurity + 4 765E6CDD 1 Byte [89] .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[960] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 001700E4 .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[960] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00170120 .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[960] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0017015C .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[960] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00170198 .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[960] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 00170030 .text C:\Windows\system32\nvvsvc.exe[1024] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00150030 .text C:\Windows\system32\nvvsvc.exe[1024] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0015006C .text C:\Windows\system32\nvvsvc.exe[1024] USER32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 001700A8 .text C:\Windows\system32\nvvsvc.exe[1024] USER32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 001700E4 .text C:\Windows\system32\nvvsvc.exe[1024] USER32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 00170120 .text C:\Windows\system32\nvvsvc.exe[1024] USER32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 00170030 .text C:\Windows\system32\nvvsvc.exe[1024] USER32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 0017006C .text C:\Windows\system32\nvvsvc.exe[1024] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 0018006C .text C:\Windows\system32\nvvsvc.exe[1024] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 001800A8 .text C:\Windows\system32\nvvsvc.exe[1024] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 001801D4 .text C:\Windows\system32\nvvsvc.exe[1024] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 001800E4 .text C:\Windows\system32\nvvsvc.exe[1024] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00180120 .text C:\Windows\system32\nvvsvc.exe[1024] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0018015C .text C:\Windows\system32\nvvsvc.exe[1024] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00180198 .text C:\Windows\system32\nvvsvc.exe[1024] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 00180030 .text C:\Windows\system32\svchost.exe[1052] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[1052] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[1052] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\svchost.exe[1052] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\svchost.exe[1052] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00070120 .text C:\Windows\system32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0007015C .text C:\Windows\system32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00070198 .text C:\Windows\system32\svchost.exe[1052] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 00070030 .text C:\Windows\system32\svchost.exe[1052] USER32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 001600A8 .text C:\Windows\system32\svchost.exe[1052] USER32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 001600E4 .text C:\Windows\system32\svchost.exe[1052] USER32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 00160120 .text C:\Windows\system32\svchost.exe[1052] USER32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 00160030 .text C:\Windows\system32\svchost.exe[1052] USER32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 0016006C .text C:\Windows\System32\svchost.exe[1152] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00050030 .text C:\Windows\System32\svchost.exe[1152] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0005006C .text C:\Windows\System32\svchost.exe[1152] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 0007006C .text C:\Windows\System32\svchost.exe[1152] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 000700A8 .text C:\Windows\System32\svchost.exe[1152] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 000701D4 .text C:\Windows\System32\svchost.exe[1152] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 000700E4 .text C:\Windows\System32\svchost.exe[1152] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00070120 .text C:\Windows\System32\svchost.exe[1152] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0007015C .text C:\Windows\System32\svchost.exe[1152] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00070198 .text C:\Windows\System32\svchost.exe[1152] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 00070030 .text C:\Windows\System32\svchost.exe[1152] USER32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 000C00A8 .text C:\Windows\System32\svchost.exe[1152] USER32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 000C00E4 .text C:\Windows\System32\svchost.exe[1152] USER32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 000C0120 .text C:\Windows\System32\svchost.exe[1152] USER32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 000C0030 .text C:\Windows\System32\svchost.exe[1152] USER32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 000C006C .text C:\Windows\System32\svchost.exe[1200] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00050030 .text C:\Windows\System32\svchost.exe[1200] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0005006C .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 0007006C .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 000700A8 .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 000701D4 .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 000700E4 .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00070120 .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0007015C .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00070198 .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 00070030 .text C:\Windows\System32\svchost.exe[1200] USER32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 00CA00A8 .text C:\Windows\System32\svchost.exe[1200] USER32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 00CA00E4 .text C:\Windows\System32\svchost.exe[1200] USER32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 00CA0120 .text C:\Windows\System32\svchost.exe[1200] USER32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 00CA0030 .text C:\Windows\System32\svchost.exe[1200] USER32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 00CA006C .text C:\Windows\system32\svchost.exe[1224] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 000A0030 .text C:\Windows\system32\svchost.exe[1224] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 000A006C .text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 000C006C .text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 000C00A8 .text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 000C01D4 .text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 000C00E4 .text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 000C0120 .text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 000C015C .text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 000C0198 .text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 000C0030 .text C:\Windows\system32\svchost.exe[1224] USER32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 00B400A8 .text C:\Windows\system32\svchost.exe[1224] USER32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 00B400E4 .text C:\Windows\system32\svchost.exe[1224] USER32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 00B40120 .text C:\Windows\system32\svchost.exe[1224] USER32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 00B40030 .text C:\Windows\system32\svchost.exe[1224] USER32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 00B4006C .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00070120 .text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0007015C .text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00070198 .text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 00070030 .text C:\Windows\system32\svchost.exe[1384] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[1384] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00070120 .text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0007015C .text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00070198 .text C:\Windows\system32\svchost.exe[1384] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 00070030 .text C:\Windows\system32\svchost.exe[1384] USER32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 002300A8 .text C:\Windows\system32\svchost.exe[1384] USER32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 002300E4 .text C:\Windows\system32\svchost.exe[1384] USER32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 00230120 .text C:\Windows\system32\svchost.exe[1384] USER32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 00230030 .text C:\Windows\system32\svchost.exe[1384] USER32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 0023006C .text C:\Program Files\Sandboxie\SbieSvc.exe[1440] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00080030 .text C:\Program Files\Sandboxie\SbieSvc.exe[1440] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0008006C .text C:\Program Files\Sandboxie\SbieSvc.exe[1440] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 000A006C .text C:\Program Files\Sandboxie\SbieSvc.exe[1440] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 000A00A8 .text C:\Program Files\Sandboxie\SbieSvc.exe[1440] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 000A01D4 .text C:\Program Files\Sandboxie\SbieSvc.exe[1440] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 000A00E4 .text C:\Program Files\Sandboxie\SbieSvc.exe[1440] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 000A0120 .text C:\Program Files\Sandboxie\SbieSvc.exe[1440] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 000A015C .text C:\Program Files\Sandboxie\SbieSvc.exe[1440] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 000A0198 .text C:\Program Files\Sandboxie\SbieSvc.exe[1440] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 000A0030 .text C:\Program Files\Sandboxie\SbieSvc.exe[1440] USER32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 000B00A8 .text C:\Program Files\Sandboxie\SbieSvc.exe[1440] USER32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 000B00E4 .text C:\Program Files\Sandboxie\SbieSvc.exe[1440] USER32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 000B0120 .text C:\Program Files\Sandboxie\SbieSvc.exe[1440] USER32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 000B0030 .text C:\Program Files\Sandboxie\SbieSvc.exe[1440] USER32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 000B006C .text C:\Windows\system32\rundll32.exe[1504] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00060030 .text C:\Windows\system32\rundll32.exe[1504] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0006006C .text C:\Windows\system32\rundll32.exe[1504] USER32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 000700A8 .text C:\Windows\system32\rundll32.exe[1504] USER32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 000700E4 .text C:\Windows\system32\rundll32.exe[1504] USER32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 00070120 .text C:\Windows\system32\rundll32.exe[1504] USER32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 00070030 .text C:\Windows\system32\rundll32.exe[1504] USER32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 0007006C .text C:\Windows\system32\rundll32.exe[1504] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 0008006C .text C:\Windows\system32\rundll32.exe[1504] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 000800A8 .text C:\Windows\system32\rundll32.exe[1504] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 000801D4 .text C:\Windows\system32\rundll32.exe[1504] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 000800E4 .text C:\Windows\system32\rundll32.exe[1504] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00080120 .text C:\Windows\system32\rundll32.exe[1504] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0008015C .text C:\Windows\system32\rundll32.exe[1504] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00080198 .text C:\Windows\system32\rundll32.exe[1504] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 00080030 .text C:\Windows\system32\svchost.exe[1580] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[1580] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[1580] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\svchost.exe[1580] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\svchost.exe[1580] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\svchost.exe[1580] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\svchost.exe[1580] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00070120 .text C:\Windows\system32\svchost.exe[1580] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0007015C .text C:\Windows\system32\svchost.exe[1580] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00070198 .text C:\Windows\system32\svchost.exe[1580] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 00070030 .text C:\Windows\system32\svchost.exe[1580] USER32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 002200A8 .text C:\Windows\system32\svchost.exe[1580] USER32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 002200E4 .text C:\Windows\system32\svchost.exe[1580] USER32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 00220120 .text C:\Windows\system32\svchost.exe[1580] USER32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 00220030 .text C:\Windows\system32\svchost.exe[1580] USER32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 0022006C .text C:\Windows\system32\svchost.exe[1644] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[1644] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[1644] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\svchost.exe[1644] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\svchost.exe[1644] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\svchost.exe[1644] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\svchost.exe[1644] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00070120 .text C:\Windows\system32\svchost.exe[1644] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0007015C .text C:\Windows\system32\svchost.exe[1644] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00070198 .text C:\Windows\system32\svchost.exe[1644] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 00070030 .text C:\Windows\system32\svchost.exe[1644] USER32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 000C00A8 .text C:\Windows\system32\svchost.exe[1644] USER32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 000C00E4 .text C:\Windows\system32\svchost.exe[1644] USER32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 000C0120 .text C:\Windows\system32\svchost.exe[1644] USER32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 000C0030 .text C:\Windows\system32\svchost.exe[1644] USER32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 000C006C .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1664] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00150030 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1664] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0015006C .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1664] USER32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 001700A8 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1664] USER32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 001700E4 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1664] USER32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 00170120 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1664] USER32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 00170030 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1664] USER32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 0017006C .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1664] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 0018006C .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1664] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 001800A8 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1664] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 001801D4 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1664] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 001800E4 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1664] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00180120 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1664] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0018015C .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1664] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00180198 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1664] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 00180030 .text C:\Program Files\Online Armor\OAcat.exe[1712] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00140030 .text C:\Program Files\Online Armor\OAcat.exe[1712] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0014006C .text C:\Program Files\Online Armor\OAcat.exe[1712] advapi32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 0016006C .text C:\Program Files\Online Armor\OAcat.exe[1712] advapi32.dll!DeleteService 765AA07E 5 Bytes JMP 001600A8 .text C:\Program Files\Online Armor\OAcat.exe[1712] advapi32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 001601D4 .text C:\Program Files\Online Armor\OAcat.exe[1712] advapi32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 001600E4 .text C:\Program Files\Online Armor\OAcat.exe[1712] advapi32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00160120 .text C:\Program Files\Online Armor\OAcat.exe[1712] advapi32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0016015C .text C:\Program Files\Online Armor\OAcat.exe[1712] advapi32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00160198 .text C:\Program Files\Online Armor\OAcat.exe[1712] advapi32.dll!CreateServiceA 765E72A1 5 Bytes JMP 00160030 .text C:\Program Files\Online Armor\OAcat.exe[1712] USER32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 001700A8 .text C:\Program Files\Online Armor\OAcat.exe[1712] USER32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 001700E4 .text C:\Program Files\Online Armor\OAcat.exe[1712] USER32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 00170120 .text C:\Program Files\Online Armor\OAcat.exe[1712] USER32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 00170030 .text C:\Program Files\Online Armor\OAcat.exe[1712] USER32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 0017006C .text C:\Program Files\Online Armor\oasrv.exe[1724] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00140030 .text C:\Program Files\Online Armor\oasrv.exe[1724] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0014006C .text C:\Program Files\Online Armor\oasrv.exe[1724] user32.dll!LoadStringA 75EE6243 6 Bytes JMP 71AF0F5A .text C:\Program Files\Online Armor\oasrv.exe[1724] user32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 001600A8 .text C:\Program Files\Online Armor\oasrv.exe[1724] user32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 001600E4 .text C:\Program Files\Online Armor\oasrv.exe[1724] user32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 00160120 .text C:\Program Files\Online Armor\oasrv.exe[1724] user32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 00160030 .text C:\Program Files\Online Armor\oasrv.exe[1724] user32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 0016006C .text C:\Program Files\Online Armor\oasrv.exe[1724] user32.dll!LoadStringW 75EF9CCB 6 Bytes JMP 71A90F5A .text C:\Program Files\Online Armor\oasrv.exe[1724] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 0017006C .text C:\Program Files\Online Armor\oasrv.exe[1724] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 001700A8 .text C:\Program Files\Online Armor\oasrv.exe[1724] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 3 Bytes JMP 001701D4 .text C:\Program Files\Online Armor\oasrv.exe[1724] ADVAPI32.dll!SetServiceObjectSecurity + 4 765E6CDD 1 Byte [89] .text C:\Program Files\Online Armor\oasrv.exe[1724] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 001700E4 .text C:\Program Files\Online Armor\oasrv.exe[1724] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00170120 .text C:\Program Files\Online Armor\oasrv.exe[1724] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0017015C .text C:\Program Files\Online Armor\oasrv.exe[1724] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00170198 .text C:\Program Files\Online Armor\oasrv.exe[1724] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 00170030 .text C:\Windows\system32\taskeng.exe[1796] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00050030 .text C:\Windows\system32\taskeng.exe[1796] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0005006C .text C:\Windows\system32\taskeng.exe[1796] ntdll.dll!NtCreateSymbolicLinkObject 774B4334 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[1796] ntdll.dll!NtCreateSymbolicLinkObject + 4 774B4338 2 Bytes [78, 71] {JS 0x73} .text C:\Windows\system32\taskeng.exe[1796] ntdll.dll!NtOpenFile 774B4A04 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[1796] ntdll.dll!NtOpenFile + 4 774B4A08 2 Bytes [75, 71] {JNZ 0x73} .text C:\Windows\system32\taskeng.exe[1796] kernel32.dll!CreateProcessW 75CE1BF3 6 Bytes JMP 71A60F5A .text C:\Windows\system32\taskeng.exe[1796] kernel32.dll!CreateProcessA 75CE1C28 6 Bytes JMP 71A90F5A .text C:\Windows\system32\taskeng.exe[1796] kernel32.dll!LoadLibraryW 75D09362 6 Bytes JMP 71700F5A .text C:\Windows\system32\taskeng.exe[1796] kernel32.dll!LoadLibraryA 75D094DC 6 Bytes JMP 71730F5A .text C:\Windows\system32\taskeng.exe[1796] kernel32.dll!CloseHandle 75D2AE8D 6 Bytes JMP 71970F5A .text C:\Windows\system32\taskeng.exe[1796] kernel32.dll!CreateFileW 75D2AECB 6 Bytes JMP 719A0F5A .text C:\Windows\system32\taskeng.exe[1796] user32.dll!RegisterRawInputDevices 75EE6161 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[1796] user32.dll!RegisterRawInputDevices + 4 75EE6165 2 Bytes [87, 71] .text C:\Windows\system32\taskeng.exe[1796] user32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 001D00A8 .text C:\Windows\system32\taskeng.exe[1796] user32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 001D00E4 .text C:\Windows\system32\taskeng.exe[1796] user32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 001D0120 .text C:\Windows\system32\taskeng.exe[1796] user32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 001D0030 .text C:\Windows\system32\taskeng.exe[1796] user32.dll!RegisterHotKey 75EEBDA5 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskeng.exe[1796] user32.dll!RegisterHotKey + 4 75EEBDA9 2 Bytes [8A, 71] .text C:\Windows\system32\taskeng.exe[1796] user32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 001D006C .text C:\Windows\system32\taskeng.exe[1796] user32.dll!ExitWindowsEx 75F2B7C3 6 Bytes JMP 71A30F5A .text C:\Windows\system32\taskeng.exe[1796] user32.dll!DdeClientTransaction 75F42005 6 Bytes JMP 718E0F5A .text C:\Windows\system32\taskeng.exe[1796] GDI32.dll!DeleteDC 762B68CD 6 Bytes JMP 717F0F5A .text C:\Windows\system32\taskeng.exe[1796] GDI32.dll!BitBlt 762B70A6 6 Bytes JMP 717C0F5A .text C:\Windows\system32\taskeng.exe[1796] GDI32.dll!CreateDCW 762BA91D 6 Bytes JMP 71820F5A .text C:\Windows\system32\taskeng.exe[1796] GDI32.dll!CreateDCA 762BAA49 6 Bytes JMP 71850F5A .text C:\Windows\system32\taskeng.exe[1796] ADVAPI32.dll!CreateServiceW 765A9EB4 6 Bytes JMP 001E006C .text C:\Windows\system32\taskeng.exe[1796] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 001E00A8 .text C:\Windows\system32\taskeng.exe[1796] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 001E01D4 .text C:\Windows\system32\taskeng.exe[1796] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 001E00E4 .text C:\Windows\system32\taskeng.exe[1796] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 001E0120 .text C:\Windows\system32\taskeng.exe[1796] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 001E015C .text C:\Windows\system32\taskeng.exe[1796] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 001E0198 .text C:\Windows\system32\taskeng.exe[1796] ADVAPI32.dll!CreateServiceA 765E72A1 6 Bytes JMP 001E0030 .text C:\Windows\system32\taskeng.exe[1796] WS2_32.dll!socket 766336D1 6 Bytes JMP 71AF0F5A .text C:\Windows\system32\taskeng.exe[1796] IPHLPAPI.DLL!IcmpSendEcho2Ex 751E96D8 6 Bytes JMP 719D0F5A .text C:\Windows\system32\taskeng.exe[1796] IPHLPAPI.DLL!IcmpSendEcho2 751E9C2D 6 Bytes JMP 71A00F5A .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] kernel32.dll!SetUnhandledExceptionFilter 75D0A84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\Secunia\PSI\sua.exe[2144] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00060030 .text C:\Program Files\Secunia\PSI\sua.exe[2144] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0006006C .text C:\Program Files\Secunia\PSI\sua.exe[2144] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 0007006C .text C:\Program Files\Secunia\PSI\sua.exe[2144] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 000700A8 .text C:\Program Files\Secunia\PSI\sua.exe[2144] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 000701D4 .text C:\Program Files\Secunia\PSI\sua.exe[2144] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 000700E4 .text C:\Program Files\Secunia\PSI\sua.exe[2144] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00070120 .text C:\Program Files\Secunia\PSI\sua.exe[2144] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0007015C .text C:\Program Files\Secunia\PSI\sua.exe[2144] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00070198 .text C:\Program Files\Secunia\PSI\sua.exe[2144] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 00070030 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2228] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00050030 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2228] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0005006C .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2228] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 0009006C .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2228] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 000900A8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2228] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 000901D4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2228] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 000900E4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2228] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00090120 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2228] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0009015C .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2228] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00090198 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2228] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 00090030 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2228] USER32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 000A00A8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2228] USER32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 000A00E4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2228] USER32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 000A0120 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2228] USER32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 000A0030 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2228] USER32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 000A006C .text C:\Windows\system32\SearchIndexer.exe[2332] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00050030 .text C:\Windows\system32\SearchIndexer.exe[2332] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0005006C .text C:\Windows\system32\SearchIndexer.exe[2332] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\SearchIndexer.exe[2332] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\SearchIndexer.exe[2332] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\SearchIndexer.exe[2332] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\SearchIndexer.exe[2332] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00070120 .text C:\Windows\system32\SearchIndexer.exe[2332] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0007015C .text C:\Windows\system32\SearchIndexer.exe[2332] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00070198 .text C:\Windows\system32\SearchIndexer.exe[2332] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 00070030 .text C:\Windows\system32\SearchIndexer.exe[2332] USER32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 000800A8 .text C:\Windows\system32\SearchIndexer.exe[2332] USER32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 000800E4 .text C:\Windows\system32\SearchIndexer.exe[2332] USER32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 00080120 .text C:\Windows\system32\SearchIndexer.exe[2332] USER32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 00080030 .text C:\Windows\system32\SearchIndexer.exe[2332] USER32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 0008006C .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2380] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00050030 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2380] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0005006C .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2380] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 0007006C .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2380] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 000700A8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2380] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 000701D4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2380] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 000700E4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2380] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00070120 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2380] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0007015C .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2380] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00070198 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2380] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 00070030 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2380] USER32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 000800A8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2380] USER32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 000800E4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2380] USER32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 00080120 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2380] USER32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 00080030 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2380] USER32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 0008006C .text C:\Windows\system32\DRIVERS\xaudio.exe[2392] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00140030 .text C:\Windows\system32\DRIVERS\xaudio.exe[2392] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0014006C .text C:\Windows\system32\DRIVERS\xaudio.exe[2392] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 0016006C .text C:\Windows\system32\DRIVERS\xaudio.exe[2392] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 001600A8 .text C:\Windows\system32\DRIVERS\xaudio.exe[2392] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 001601D4 .text C:\Windows\system32\DRIVERS\xaudio.exe[2392] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 001600E4 .text C:\Windows\system32\DRIVERS\xaudio.exe[2392] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00160120 .text C:\Windows\system32\DRIVERS\xaudio.exe[2392] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0016015C .text C:\Windows\system32\DRIVERS\xaudio.exe[2392] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00160198 .text C:\Windows\system32\DRIVERS\xaudio.exe[2392] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 00160030 .text C:\Windows\system32\DRIVERS\xaudio.exe[2392] USER32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 001700A8 .text C:\Windows\system32\DRIVERS\xaudio.exe[2392] USER32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 001700E4 .text C:\Windows\system32\DRIVERS\xaudio.exe[2392] USER32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 00170120 .text C:\Windows\system32\DRIVERS\xaudio.exe[2392] USER32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 00170030 .text C:\Windows\system32\DRIVERS\xaudio.exe[2392] USER32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 0017006C .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2580] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00150030 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2580] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0015006C .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2580] USER32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 001700A8 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2580] USER32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 001700E4 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2580] USER32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 00170120 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2580] USER32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 00170030 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2580] USER32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 0017006C .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2580] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 0018006C .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2580] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 001800A8 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2580] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 001801D4 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2580] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 001800E4 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2580] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00180120 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2580] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0018015C .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2580] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00180198 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2580] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 00180030 .text C:\Windows\system32\svchost.exe[2756] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[2756] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[2756] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\svchost.exe[2756] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\svchost.exe[2756] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\svchost.exe[2756] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\svchost.exe[2756] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00070120 .text C:\Windows\system32\svchost.exe[2756] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0007015C .text C:\Windows\system32\svchost.exe[2756] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00070198 .text C:\Windows\system32\svchost.exe[2756] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 00070030 .text C:\Windows\system32\Dwm.exe[2800] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00050030 .text C:\Windows\system32\Dwm.exe[2800] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0005006C .text C:\Windows\system32\Dwm.exe[2800] ntdll.dll!NtCreateSymbolicLinkObject 774B4334 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\Dwm.exe[2800] ntdll.dll!NtCreateSymbolicLinkObject + 4 774B4338 2 Bytes [78, 71] {JS 0x73} .text C:\Windows\system32\Dwm.exe[2800] ntdll.dll!NtOpenFile 774B4A04 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\Dwm.exe[2800] ntdll.dll!NtOpenFile + 4 774B4A08 2 Bytes [75, 71] {JNZ 0x73} .text C:\Windows\system32\Dwm.exe[2800] kernel32.dll!CreateProcessW 75CE1BF3 6 Bytes JMP 71A60F5A .text C:\Windows\system32\Dwm.exe[2800] kernel32.dll!CreateProcessA 75CE1C28 6 Bytes JMP 71A90F5A .text C:\Windows\system32\Dwm.exe[2800] kernel32.dll!LoadLibraryW 75D09362 6 Bytes JMP 71700F5A .text C:\Windows\system32\Dwm.exe[2800] kernel32.dll!LoadLibraryA 75D094DC 6 Bytes JMP 71730F5A .text C:\Windows\system32\Dwm.exe[2800] kernel32.dll!CloseHandle 75D2AE8D 6 Bytes JMP 71970F5A .text C:\Windows\system32\Dwm.exe[2800] kernel32.dll!CreateFileW 75D2AECB 6 Bytes JMP 719A0F5A .text C:\Windows\system32\Dwm.exe[2800] user32.dll!RegisterRawInputDevices 75EE6161 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\Dwm.exe[2800] user32.dll!RegisterRawInputDevices + 4 75EE6165 2 Bytes [87, 71] .text C:\Windows\system32\Dwm.exe[2800] user32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 007C00A8 .text C:\Windows\system32\Dwm.exe[2800] user32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 007C00E4 .text C:\Windows\system32\Dwm.exe[2800] user32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 007C0120 .text C:\Windows\system32\Dwm.exe[2800] user32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 007C0030 .text C:\Windows\system32\Dwm.exe[2800] user32.dll!RegisterHotKey 75EEBDA5 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\Dwm.exe[2800] user32.dll!RegisterHotKey + 4 75EEBDA9 2 Bytes [8A, 71] .text C:\Windows\system32\Dwm.exe[2800] user32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 007C006C .text C:\Windows\system32\Dwm.exe[2800] user32.dll!ExitWindowsEx 75F2B7C3 6 Bytes JMP 71A30F5A .text C:\Windows\system32\Dwm.exe[2800] user32.dll!DdeClientTransaction 75F42005 6 Bytes JMP 718E0F5A .text C:\Windows\system32\Dwm.exe[2800] GDI32.dll!DeleteDC 762B68CD 6 Bytes JMP 717F0F5A .text C:\Windows\system32\Dwm.exe[2800] GDI32.dll!BitBlt 762B70A6 6 Bytes JMP 717C0F5A .text C:\Windows\system32\Dwm.exe[2800] GDI32.dll!CreateDCW 762BA91D 6 Bytes JMP 71820F5A .text C:\Windows\system32\Dwm.exe[2800] GDI32.dll!CreateDCA 762BAA49 6 Bytes JMP 71850F5A .text C:\Windows\system32\Dwm.exe[2800] ADVAPI32.dll!CreateServiceW 765A9EB4 6 Bytes JMP 0081006C .text C:\Windows\system32\Dwm.exe[2800] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 008100A8 .text C:\Windows\system32\Dwm.exe[2800] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 008101D4 .text C:\Windows\system32\Dwm.exe[2800] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 008100E4 .text C:\Windows\system32\Dwm.exe[2800] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00810120 .text C:\Windows\system32\Dwm.exe[2800] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0081015C .text C:\Windows\system32\Dwm.exe[2800] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00810198 .text C:\Windows\system32\Dwm.exe[2800] ADVAPI32.dll!CreateServiceA 765E72A1 6 Bytes JMP 00810030 .text C:\Windows\system32\Dwm.exe[2800] WS2_32.dll!socket 766336D1 6 Bytes JMP 71AF0F5A .text C:\Windows\system32\Dwm.exe[2800] IPHLPAPI.DLL!IcmpSendEcho2Ex 751E96D8 6 Bytes JMP 719D0F5A .text C:\Windows\system32\Dwm.exe[2800] IPHLPAPI.DLL!IcmpSendEcho2 751E9C2D 6 Bytes JMP 71A00F5A .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2868] ntdll.dll!NtCreateSymbolicLinkObject 774B4334 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2868] ntdll.dll!NtCreateSymbolicLinkObject + 4 774B4338 2 Bytes [78, 71] {JS 0x73} .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2868] ntdll.dll!NtOpenFile 774B4A04 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2868] ntdll.dll!NtOpenFile + 4 774B4A08 2 Bytes [75, 71] {JNZ 0x73} .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2868] kernel32.dll!CreateProcessW 75CE1BF3 6 Bytes JMP 71A60F5A .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2868] kernel32.dll!CreateProcessA 75CE1C28 6 Bytes JMP 71A90F5A .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2868] kernel32.dll!LoadLibraryW 75D09362 6 Bytes JMP 71700F5A .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2868] kernel32.dll!LoadLibraryA 75D094DC 6 Bytes JMP 71730F5A .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2868] kernel32.dll!CloseHandle 75D2AE8D 6 Bytes JMP 71970F5A .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2868] kernel32.dll!CreateFileW 75D2AECB 6 Bytes JMP 719A0F5A .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2868] user32.dll!RegisterRawInputDevices 75EE6161 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2868] user32.dll!RegisterRawInputDevices + 4 75EE6165 2 Bytes [87, 71] .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2868] user32.dll!RegisterHotKey 75EEBDA5 3 Bytes [FF, 25, 1E] .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2868] user32.dll!RegisterHotKey + 4 75EEBDA9 2 Bytes [8A, 71] .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2868] user32.dll!ExitWindowsEx 75F2B7C3 6 Bytes JMP 71A30F5A .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2868] user32.dll!DdeClientTransaction 75F42005 6 Bytes JMP 718E0F5A .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2868] GDI32.dll!DeleteDC 762B68CD 6 Bytes JMP 717F0F5A .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2868] GDI32.dll!BitBlt 762B70A6 6 Bytes JMP 717C0F5A .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2868] GDI32.dll!CreateDCW 762BA91D 6 Bytes JMP 71820F5A .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2868] GDI32.dll!CreateDCA 762BAA49 6 Bytes JMP 71850F5A .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2868] ADVAPI32.dll!CreateServiceW 765A9EB4 6 Bytes JMP 71910F5A .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2868] ADVAPI32.dll!CreateServiceA 765E72A1 6 Bytes JMP 71940F5A .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2868] WS2_32.dll!socket 766336D1 6 Bytes JMP 71AF0F5A .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2868] IPHLPAPI.DLL!IcmpSendEcho2Ex 751E96D8 6 Bytes JMP 719D0F5A .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2868] IPHLPAPI.DLL!IcmpSendEcho2 751E9C2D 6 Bytes JMP 71A00F5A .text C:\WINDOWS\System32\rundll32.exe[3056] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 000A0030 .text C:\WINDOWS\System32\rundll32.exe[3056] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 000A006C .text C:\WINDOWS\System32\rundll32.exe[3056] ntdll.dll!NtCreateSymbolicLinkObject 774B4334 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\rundll32.exe[3056] ntdll.dll!NtCreateSymbolicLinkObject + 4 774B4338 2 Bytes [78, 71] {JS 0x73} .text C:\WINDOWS\System32\rundll32.exe[3056] ntdll.dll!NtOpenFile 774B4A04 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\rundll32.exe[3056] ntdll.dll!NtOpenFile + 4 774B4A08 2 Bytes [75, 71] {JNZ 0x73} .text C:\WINDOWS\System32\rundll32.exe[3056] kernel32.dll!CreateProcessW 75CE1BF3 6 Bytes JMP 71A60F5A .text C:\WINDOWS\System32\rundll32.exe[3056] kernel32.dll!CreateProcessA 75CE1C28 6 Bytes JMP 71A90F5A .text C:\WINDOWS\System32\rundll32.exe[3056] kernel32.dll!LoadLibraryW 75D09362 6 Bytes JMP 71700F5A .text C:\WINDOWS\System32\rundll32.exe[3056] kernel32.dll!LoadLibraryA 75D094DC 6 Bytes JMP 71730F5A .text C:\WINDOWS\System32\rundll32.exe[3056] kernel32.dll!CloseHandle 75D2AE8D 6 Bytes JMP 71970F5A .text C:\WINDOWS\System32\rundll32.exe[3056] kernel32.dll!CreateFileW 75D2AECB 6 Bytes JMP 719A0F5A .text C:\WINDOWS\System32\rundll32.exe[3056] user32.dll!RegisterRawInputDevices 75EE6161 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\rundll32.exe[3056] user32.dll!RegisterRawInputDevices + 4 75EE6165 2 Bytes [87, 71] .text C:\WINDOWS\System32\rundll32.exe[3056] user32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 005D00A8 .text C:\WINDOWS\System32\rundll32.exe[3056] user32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 005D00E4 .text C:\WINDOWS\System32\rundll32.exe[3056] user32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 005D0120 .text C:\WINDOWS\System32\rundll32.exe[3056] user32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 005D0030 .text C:\WINDOWS\System32\rundll32.exe[3056] user32.dll!RegisterHotKey 75EEBDA5 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\rundll32.exe[3056] user32.dll!RegisterHotKey + 4 75EEBDA9 2 Bytes [8A, 71] .text C:\WINDOWS\System32\rundll32.exe[3056] user32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 005D006C .text C:\WINDOWS\System32\rundll32.exe[3056] user32.dll!ExitWindowsEx 75F2B7C3 6 Bytes JMP 71A30F5A .text C:\WINDOWS\System32\rundll32.exe[3056] user32.dll!DdeClientTransaction 75F42005 6 Bytes JMP 718E0F5A .text C:\WINDOWS\System32\rundll32.exe[3056] GDI32.dll!DeleteDC 762B68CD 6 Bytes JMP 717F0F5A .text C:\WINDOWS\System32\rundll32.exe[3056] GDI32.dll!BitBlt 762B70A6 6 Bytes JMP 717C0F5A .text C:\WINDOWS\System32\rundll32.exe[3056] GDI32.dll!CreateDCW 762BA91D 6 Bytes JMP 71820F5A .text C:\WINDOWS\System32\rundll32.exe[3056] GDI32.dll!CreateDCA 762BAA49 6 Bytes JMP 71850F5A .text C:\WINDOWS\System32\rundll32.exe[3056] ADVAPI32.dll!CreateServiceW 765A9EB4 6 Bytes JMP 013D006C .text C:\WINDOWS\System32\rundll32.exe[3056] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 013D00A8 .text C:\WINDOWS\System32\rundll32.exe[3056] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 013D01D4 .text C:\WINDOWS\System32\rundll32.exe[3056] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 013D00E4 .text C:\WINDOWS\System32\rundll32.exe[3056] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 013D0120 .text C:\WINDOWS\System32\rundll32.exe[3056] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 013D015C .text C:\WINDOWS\System32\rundll32.exe[3056] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 013D0198 .text C:\WINDOWS\System32\rundll32.exe[3056] ADVAPI32.dll!CreateServiceA 765E72A1 6 Bytes JMP 013D0030 .text C:\WINDOWS\System32\rundll32.exe[3056] WS2_32.dll!socket 766336D1 6 Bytes JMP 71AF0F5A .text C:\WINDOWS\System32\rundll32.exe[3056] IPHLPAPI.DLL!IcmpSendEcho2Ex 751E96D8 6 Bytes JMP 719D0F5A .text C:\WINDOWS\System32\rundll32.exe[3056] IPHLPAPI.DLL!IcmpSendEcho2 751E9C2D 6 Bytes JMP 71A00F5A .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00150030 .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0015006C .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] ntdll.dll!LdrGetProcedureAddressEx 774954D0 6 Bytes JMP 71610F5A .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] ntdll.dll!LdrGetProcedureAddress 774957A0 6 Bytes JMP 71640F5A .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] ntdll.dll!NtCreateSymbolicLinkObject 774B4334 3 Bytes [FF, 25, 1E] .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] ntdll.dll!NtCreateSymbolicLinkObject + 4 774B4338 2 Bytes [6F, 71] .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] ntdll.dll!NtOpenFile 774B4A04 3 Bytes [FF, 25, 1E] .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] ntdll.dll!NtOpenFile + 4 774B4A08 2 Bytes [6C, 71] .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] kernel32.dll!CreateProcessW 75CE1BF3 6 Bytes JMP 71A60F5A .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] kernel32.dll!CreateProcessA 75CE1C28 6 Bytes JMP 71A90F5A .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] kernel32.dll!WriteProcessMemory 75CE1CB8 6 Bytes JMP 715B0F5A .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] kernel32.dll!LoadLibraryW 75D09362 6 Bytes JMP 71670F5A .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] kernel32.dll!LoadLibraryA 75D094DC 6 Bytes JMP 716A0F5A .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] kernel32.dll!VirtualProtectEx 75D0DBDA 6 Bytes JMP 715E0F5A .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] kernel32.dll!CloseHandle 75D2AE8D 6 Bytes JMP 718E0F5A .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] kernel32.dll!CreateFileW 75D2AECB 6 Bytes JMP 71910F5A .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] user32.dll!RegisterRawInputDevices 75EE6161 3 Bytes [FF, 25, 1E] .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] user32.dll!RegisterRawInputDevices + 4 75EE6165 2 Bytes [7E, 71] {JLE 0x73} .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] user32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 003F00A8 .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] user32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 003F00E4 .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] user32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 003F0120 .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] user32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 003F0030 .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] user32.dll!RegisterHotKey 75EEBDA5 3 Bytes [FF, 25, 1E] .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] user32.dll!RegisterHotKey + 4 75EEBDA9 2 Bytes [81, 71] .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] user32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 003F006C .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] user32.dll!ExitWindowsEx 75F2B7C3 6 Bytes JMP 71A30F5A .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] user32.dll!DdeClientTransaction 75F42005 6 Bytes JMP 71850F5A .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] GDI32.dll!DeleteDC 762B68CD 6 Bytes JMP 71760F5A .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] GDI32.dll!BitBlt 762B70A6 6 Bytes JMP 71730F5A .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] GDI32.dll!CreateDCW 762BA91D 6 Bytes JMP 71790F5A .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] GDI32.dll!CreateDCA 762BAA49 6 Bytes JMP 717C0F5A .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] ADVAPI32.dll!CreateServiceW 765A9EB4 6 Bytes JMP 004C006C .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 004C00A8 .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 004C01D4 .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 004C00E4 .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 004C0120 .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 004C015C .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 004C0198 .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] ADVAPI32.dll!CreateServiceA 765E72A1 6 Bytes JMP 004C0030 .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] ole32.dll!CoGetClassObject 7633FAE8 6 Bytes JMP 71940F5A .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] ole32.dll!CoCreateInstance 76359F3E 6 Bytes JMP 719A0F5A .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] ole32.dll!CoCreateInstanceEx 76359F81 6 Bytes JMP 71970F5A .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] WS2_32.dll!socket 766336D1 6 Bytes JMP 71AF0F5A .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] IPHLPAPI.DLL!IcmpSendEcho2Ex 751E96D8 6 Bytes JMP 719D0F5A .text C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] IPHLPAPI.DLL!IcmpSendEcho2 751E9C2D 6 Bytes JMP 71A00F5A .text C:\Windows\Explorer.EXE[3188] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00050030 .text C:\Windows\Explorer.EXE[3188] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0005006C .text C:\Windows\Explorer.EXE[3188] ntdll.dll!NtCreateSymbolicLinkObject 774B4334 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[3188] ntdll.dll!NtCreateSymbolicLinkObject + 4 774B4338 2 Bytes [7E, 71] {JLE 0x73} .text C:\Windows\Explorer.EXE[3188] ntdll.dll!NtOpenFile 774B4A04 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[3188] ntdll.dll!NtOpenFile + 4 774B4A08 2 Bytes [7B, 71] {JNP 0x73} .text C:\Windows\Explorer.EXE[3188] kernel32.dll!CreateProcessW 75CE1BF3 6 Bytes JMP 71A60F5A .text C:\Windows\Explorer.EXE[3188] kernel32.dll!CreateProcessA 75CE1C28 6 Bytes JMP 71A90F5A .text C:\Windows\Explorer.EXE[3188] kernel32.dll!LoadLibraryW 75D09362 6 Bytes JMP 71760F5A .text C:\Windows\Explorer.EXE[3188] kernel32.dll!LoadLibraryA 75D094DC 6 Bytes JMP 71790F5A .text C:\Windows\Explorer.EXE[3188] user32.dll!RegisterRawInputDevices 75EE6161 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[3188] user32.dll!RegisterRawInputDevices + 4 75EE6165 2 Bytes [8D, 71] .text C:\Windows\Explorer.EXE[3188] user32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 004200A8 .text C:\Windows\Explorer.EXE[3188] user32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 004200E4 .text C:\Windows\Explorer.EXE[3188] user32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 00420120 .text C:\Windows\Explorer.EXE[3188] user32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 00420030 .text C:\Windows\Explorer.EXE[3188] user32.dll!RegisterHotKey 75EEBDA5 3 Bytes [FF, 25, 1E] .text C:\Windows\Explorer.EXE[3188] user32.dll!RegisterHotKey + 4 75EEBDA9 2 Bytes [90, 71] .text C:\Windows\Explorer.EXE[3188] user32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 0042006C .text C:\Windows\Explorer.EXE[3188] user32.dll!ExitWindowsEx 75F2B7C3 6 Bytes JMP 71A30F5A .text C:\Windows\Explorer.EXE[3188] user32.dll!DdeClientTransaction 75F42005 6 Bytes JMP 71940F5A .text C:\Windows\Explorer.EXE[3188] GDI32.dll!DeleteDC 762B68CD 6 Bytes JMP 71850F5A .text C:\Windows\Explorer.EXE[3188] GDI32.dll!BitBlt 762B70A6 6 Bytes JMP 71820F5A .text C:\Windows\Explorer.EXE[3188] GDI32.dll!CreateDCW 762BA91D 6 Bytes JMP 71880F5A .text C:\Windows\Explorer.EXE[3188] GDI32.dll!CreateDCA 762BAA49 6 Bytes JMP 718B0F5A .text C:\Windows\Explorer.EXE[3188] ADVAPI32.dll!CreateServiceW 765A9EB4 6 Bytes JMP 0043006C .text C:\Windows\Explorer.EXE[3188] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 004300A8 .text C:\Windows\Explorer.EXE[3188] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 004301D4 .text C:\Windows\Explorer.EXE[3188] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 004300E4 .text C:\Windows\Explorer.EXE[3188] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00430120 .text C:\Windows\Explorer.EXE[3188] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0043015C .text C:\Windows\Explorer.EXE[3188] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00430198 .text C:\Windows\Explorer.EXE[3188] ADVAPI32.dll!CreateServiceA 765E72A1 6 Bytes JMP 00430030 .text C:\Windows\Explorer.EXE[3188] WS2_32.dll!select 766315F4 6 Bytes JMP 715E0F5A .text C:\Windows\Explorer.EXE[3188] WS2_32.dll!closesocket 7663330C 6 Bytes JMP 71730F5A .text C:\Windows\Explorer.EXE[3188] WS2_32.dll!recv 7663343A 6 Bytes JMP 71530F5A .text C:\Windows\Explorer.EXE[3188] WS2_32.dll!socket 766336D1 6 Bytes JMP 71AF0F5A .text C:\Windows\Explorer.EXE[3188] WS2_32.dll!ioctlsocket 76633CE7 6 Bytes JMP 715B0F5A .text C:\Windows\Explorer.EXE[3188] WS2_32.dll!connect 766340D9 6 Bytes JMP 71700F5A .text C:\Windows\Explorer.EXE[3188] WS2_32.dll!WSASend 76634496 6 Bytes JMP 714C0F5A .text C:\Windows\Explorer.EXE[3188] WS2_32.dll!send 7663659B 6 Bytes JMP 716A0F5A .text C:\Windows\Explorer.EXE[3188] WS2_32.dll!sendto 766367C5 6 Bytes JMP 71670F5A .text C:\Windows\Explorer.EXE[3188] WS2_32.dll!WSARecv 76638400 6 Bytes JMP 714F0F5A .text C:\Windows\Explorer.EXE[3188] WS2_32.dll!WSAAsyncSelect 7664A17C 6 Bytes JMP 71580F5A .text C:\Windows\Explorer.EXE[3188] IPHLPAPI.DLL!IcmpSendEcho2Ex 751E96D8 6 Bytes JMP 719D0F5A .text C:\Windows\Explorer.EXE[3188] IPHLPAPI.DLL!IcmpSendEcho2 751E9C2D 6 Bytes JMP 71A00F5A .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00150030 .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0015006C .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] ntdll.dll!NtCreateSymbolicLinkObject 774B4334 3 Bytes [FF, 25, 1E] .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] ntdll.dll!NtCreateSymbolicLinkObject + 4 774B4338 2 Bytes [78, 71] {JS 0x73} .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] ntdll.dll!NtOpenFile 774B4A04 3 Bytes [FF, 25, 1E] .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] ntdll.dll!NtOpenFile + 4 774B4A08 2 Bytes [75, 71] {JNZ 0x73} .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] kernel32.dll!CreateProcessW 75CE1BF3 6 Bytes JMP 71A60F5A .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] kernel32.dll!CreateProcessA 75CE1C28 6 Bytes JMP 71A90F5A .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] kernel32.dll!LoadLibraryW 75D09362 6 Bytes JMP 71700F5A .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] kernel32.dll!LoadLibraryA 75D094DC 6 Bytes JMP 71730F5A .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] kernel32.dll!CloseHandle 75D2AE8D 6 Bytes JMP 71970F5A .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] kernel32.dll!CreateFileW 75D2AECB 6 Bytes JMP 719A0F5A .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] user32.dll!RegisterRawInputDevices 75EE6161 3 Bytes [FF, 25, 1E] .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] user32.dll!RegisterRawInputDevices + 4 75EE6165 2 Bytes [87, 71] .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] user32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 003F00A8 .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] user32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 003F00E4 .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] user32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 003F0120 .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] user32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 003F0030 .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] user32.dll!RegisterHotKey 75EEBDA5 3 Bytes [FF, 25, 1E] .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] user32.dll!RegisterHotKey + 4 75EEBDA9 2 Bytes [8A, 71] .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] user32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 003F006C .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] user32.dll!ExitWindowsEx 75F2B7C3 6 Bytes JMP 71A30F5A .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] user32.dll!DdeClientTransaction 75F42005 6 Bytes JMP 718E0F5A .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] GDI32.dll!DeleteDC 762B68CD 6 Bytes JMP 717F0F5A .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] GDI32.dll!BitBlt 762B70A6 6 Bytes JMP 717C0F5A .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] GDI32.dll!CreateDCW 762BA91D 6 Bytes JMP 71820F5A .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] GDI32.dll!CreateDCA 762BAA49 6 Bytes JMP 71850F5A .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] ADVAPI32.dll!CreateServiceW 765A9EB4 6 Bytes JMP 0183006C .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 018300A8 .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 018301D4 .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 018300E4 .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 01830120 .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0183015C .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 01830198 .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] ADVAPI32.dll!CreateServiceA 765E72A1 6 Bytes JMP 01830030 .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] WS2_32.dll!socket 766336D1 6 Bytes JMP 71AF0F5A .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] IPHLPAPI.DLL!IcmpSendEcho2Ex 751E96D8 6 Bytes JMP 719D0F5A .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] IPHLPAPI.DLL!IcmpSendEcho2 751E9C2D 6 Bytes JMP 71A00F5A .text C:\Program Files\Online Armor\oaui.exe[3260] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00150030 .text C:\Program Files\Online Armor\oaui.exe[3260] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0015006C .text C:\Program Files\Online Armor\oaui.exe[3260] user32.dll!LoadStringA 75EE6243 6 Bytes JMP 71AF0F5A .text C:\Program Files\Online Armor\oaui.exe[3260] user32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 016900A8 .text C:\Program Files\Online Armor\oaui.exe[3260] user32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 016900E4 .text C:\Program Files\Online Armor\oaui.exe[3260] user32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 01690120 .text C:\Program Files\Online Armor\oaui.exe[3260] user32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 01690030 .text C:\Program Files\Online Armor\oaui.exe[3260] user32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 0169006C .text C:\Program Files\Online Armor\oaui.exe[3260] user32.dll!LoadStringW 75EF9CCB 6 Bytes JMP 71A90F5A .text C:\Program Files\Online Armor\oaui.exe[3260] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 016A006C .text C:\Program Files\Online Armor\oaui.exe[3260] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 016A00A8 .text C:\Program Files\Online Armor\oaui.exe[3260] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 016A01D4 .text C:\Program Files\Online Armor\oaui.exe[3260] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 016A00E4 .text C:\Program Files\Online Armor\oaui.exe[3260] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 016A0120 .text C:\Program Files\Online Armor\oaui.exe[3260] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 016A015C .text C:\Program Files\Online Armor\oaui.exe[3260] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 016A0198 .text C:\Program Files\Online Armor\oaui.exe[3260] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 016A0030 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00160030 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0016006C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] ntdll.dll!NtCreateSymbolicLinkObject 774B4334 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] ntdll.dll!NtCreateSymbolicLinkObject + 4 774B4338 2 Bytes [78, 71] {JS 0x73} .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] ntdll.dll!NtOpenFile 774B4A04 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] ntdll.dll!NtOpenFile + 4 774B4A08 2 Bytes [75, 71] {JNZ 0x73} .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] kernel32.dll!CreateProcessW 75CE1BF3 6 Bytes JMP 71A60F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] kernel32.dll!CreateProcessA 75CE1C28 6 Bytes JMP 71A90F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] kernel32.dll!LoadLibraryW 75D09362 6 Bytes JMP 71700F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] kernel32.dll!LoadLibraryA 75D094DC 6 Bytes JMP 71730F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] kernel32.dll!CloseHandle 75D2AE8D 6 Bytes JMP 71970F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] kernel32.dll!CreateFileW 75D2AECB 6 Bytes JMP 719A0F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] user32.dll!RegisterRawInputDevices 75EE6161 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] user32.dll!RegisterRawInputDevices + 4 75EE6165 2 Bytes [87, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] user32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 003E00A8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] user32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 003E00E4 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] user32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 003E0120 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] user32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 003E0030 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] user32.dll!RegisterHotKey 75EEBDA5 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] user32.dll!RegisterHotKey + 4 75EEBDA9 2 Bytes [8A, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] user32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 003E006C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] user32.dll!ExitWindowsEx 75F2B7C3 6 Bytes JMP 71A30F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] user32.dll!DdeClientTransaction 75F42005 6 Bytes JMP 718E0F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] GDI32.dll!DeleteDC 762B68CD 6 Bytes JMP 717F0F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] GDI32.dll!BitBlt 762B70A6 6 Bytes JMP 717C0F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] GDI32.dll!CreateDCW 762BA91D 6 Bytes JMP 71820F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] GDI32.dll!CreateDCA 762BAA49 6 Bytes JMP 71850F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] ADVAPI32.dll!CreateServiceW 765A9EB4 6 Bytes JMP 003F006C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 003F00A8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 003F01D4 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 003F00E4 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 003F0120 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 003F015C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 003F0198 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] ADVAPI32.dll!CreateServiceA 765E72A1 6 Bytes JMP 003F0030 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] WS2_32.dll!socket 766336D1 6 Bytes JMP 71AF0F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] IPHLPAPI.DLL!IcmpSendEcho2Ex 751E96D8 6 Bytes JMP 719D0F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] IPHLPAPI.DLL!IcmpSendEcho2 751E9C2D 6 Bytes JMP 71A00F5A .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00150030 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0015006C .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] ntdll.dll!NtCreateSymbolicLinkObject 774B4334 3 Bytes [FF, 25, 1E] .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] ntdll.dll!NtCreateSymbolicLinkObject + 4 774B4338 2 Bytes [78, 71] {JS 0x73} .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] ntdll.dll!NtOpenFile 774B4A04 3 Bytes [FF, 25, 1E] .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] ntdll.dll!NtOpenFile + 4 774B4A08 2 Bytes [75, 71] {JNZ 0x73} .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] kernel32.dll!CreateProcessW 75CE1BF3 6 Bytes JMP 71A60F5A .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] kernel32.dll!CreateProcessA 75CE1C28 6 Bytes JMP 71A90F5A .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] kernel32.dll!LoadLibraryW 75D09362 6 Bytes JMP 71700F5A .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] kernel32.dll!LoadLibraryA 75D094DC 6 Bytes JMP 71730F5A .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] kernel32.dll!CloseHandle 75D2AE8D 6 Bytes JMP 71970F5A .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] kernel32.dll!CreateFileW 75D2AECB 6 Bytes JMP 719A0F5A .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] user32.dll!RegisterRawInputDevices 75EE6161 3 Bytes [FF, 25, 1E] .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] user32.dll!RegisterRawInputDevices + 4 75EE6165 2 Bytes [87, 71] .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] user32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 003F00A8 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] user32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 003F00E4 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] user32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 003F0120 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] user32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 003F0030 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] user32.dll!RegisterHotKey 75EEBDA5 3 Bytes [FF, 25, 1E] .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] user32.dll!RegisterHotKey + 4 75EEBDA9 2 Bytes [8A, 71] .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] user32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 003F006C .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] user32.dll!ExitWindowsEx 75F2B7C3 6 Bytes JMP 71A30F5A .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] user32.dll!DdeClientTransaction 75F42005 6 Bytes JMP 718E0F5A .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] GDI32.dll!DeleteDC 762B68CD 6 Bytes JMP 717F0F5A .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] GDI32.dll!BitBlt 762B70A6 6 Bytes JMP 717C0F5A .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] GDI32.dll!CreateDCW 762BA91D 6 Bytes JMP 71820F5A .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] GDI32.dll!CreateDCA 762BAA49 6 Bytes JMP 71850F5A .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] ADVAPI32.dll!CreateServiceW 765A9EB4 6 Bytes JMP 0154006C .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 015400A8 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 015401D4 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 015400E4 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 01540120 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0154015C .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 01540198 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] ADVAPI32.dll!CreateServiceA 765E72A1 6 Bytes JMP 01540030 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] WS2_32.dll!socket 766336D1 6 Bytes JMP 71AF0F5A .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] IPHLPAPI.DLL!IcmpSendEcho2Ex 751E96D8 6 Bytes JMP 719D0F5A .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] IPHLPAPI.DLL!IcmpSendEcho2 751E9C2D 6 Bytes JMP 71A00F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00150030 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0015006C .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] ntdll.dll!LdrGetProcedureAddressEx 774954D0 6 Bytes JMP 71610F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] ntdll.dll!LdrGetProcedureAddress 774957A0 6 Bytes JMP 71640F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] ntdll.dll!NtCreateSymbolicLinkObject 774B4334 3 Bytes [FF, 25, 1E] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] ntdll.dll!NtCreateSymbolicLinkObject + 4 774B4338 2 Bytes [6F, 71] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] ntdll.dll!NtOpenFile 774B4A04 3 Bytes [FF, 25, 1E] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] ntdll.dll!NtOpenFile + 4 774B4A08 2 Bytes [6C, 71] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] kernel32.dll!CreateProcessW 75CE1BF3 6 Bytes JMP 71A60F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] kernel32.dll!CreateProcessA 75CE1C28 6 Bytes JMP 71A90F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] kernel32.dll!WriteProcessMemory 75CE1CB8 6 Bytes JMP 715B0F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] kernel32.dll!LoadLibraryW 75D09362 6 Bytes JMP 71670F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] kernel32.dll!LoadLibraryA 75D094DC 6 Bytes JMP 716A0F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] kernel32.dll!VirtualProtectEx 75D0DBDA 6 Bytes JMP 715E0F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] kernel32.dll!CloseHandle 75D2AE8D 6 Bytes JMP 718E0F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] kernel32.dll!CreateFileW 75D2AECB 6 Bytes JMP 71910F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] user32.dll!RegisterRawInputDevices 75EE6161 3 Bytes [FF, 25, 1E] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] user32.dll!RegisterRawInputDevices + 4 75EE6165 2 Bytes [7E, 71] {JLE 0x73} .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] user32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 003F00A8 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] user32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 003F00E4 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] user32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 003F0120 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] user32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 003F0030 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] user32.dll!RegisterHotKey 75EEBDA5 3 Bytes [FF, 25, 1E] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] user32.dll!RegisterHotKey + 4 75EEBDA9 2 Bytes [81, 71] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] user32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 003F006C .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] user32.dll!ExitWindowsEx 75F2B7C3 6 Bytes JMP 71A30F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] user32.dll!DdeClientTransaction 75F42005 6 Bytes JMP 71850F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] GDI32.dll!DeleteDC 762B68CD 6 Bytes JMP 71760F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] GDI32.dll!BitBlt 762B70A6 6 Bytes JMP 71730F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] GDI32.dll!CreateDCW 762BA91D 6 Bytes JMP 71790F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] GDI32.dll!CreateDCA 762BAA49 6 Bytes JMP 717C0F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] ADVAPI32.dll!CreateServiceW 765A9EB4 6 Bytes JMP 0045006C .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 004500A8 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 004501D4 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 004500E4 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00450120 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0045015C .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00450198 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] ADVAPI32.dll!CreateServiceA 765E72A1 6 Bytes JMP 00450030 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] ole32.dll!CoGetClassObject 7633FAE8 6 Bytes JMP 71940F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] ole32.dll!CoCreateInstance 76359F3E 6 Bytes JMP 719A0F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] ole32.dll!CoCreateInstanceEx 76359F81 6 Bytes JMP 71970F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] WS2_32.dll!socket 766336D1 6 Bytes JMP 71AF0F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] IPHLPAPI.DLL!IcmpSendEcho2Ex 751E96D8 6 Bytes JMP 719D0F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] IPHLPAPI.DLL!IcmpSendEcho2 751E9C2D 6 Bytes JMP 71A00F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00150030 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0015006C .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] ntdll.dll!NtCreateSymbolicLinkObject 774B4334 3 Bytes [FF, 25, 1E] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] ntdll.dll!NtCreateSymbolicLinkObject + 4 774B4338 2 Bytes [78, 71] {JS 0x73} .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] ntdll.dll!NtOpenFile 774B4A04 3 Bytes [FF, 25, 1E] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] ntdll.dll!NtOpenFile + 4 774B4A08 2 Bytes [75, 71] {JNZ 0x73} .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] kernel32.dll!CreateProcessW 75CE1BF3 6 Bytes JMP 71A60F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] kernel32.dll!CreateProcessA 75CE1C28 6 Bytes JMP 71A90F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] kernel32.dll!LoadLibraryW 75D09362 6 Bytes JMP 71700F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] kernel32.dll!LoadLibraryA 75D094DC 6 Bytes JMP 71730F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] kernel32.dll!CloseHandle 75D2AE8D 6 Bytes JMP 71970F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] kernel32.dll!CreateFileW 75D2AECB 6 Bytes JMP 719A0F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] user32.dll!RegisterRawInputDevices 75EE6161 3 Bytes [FF, 25, 1E] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] user32.dll!RegisterRawInputDevices + 4 75EE6165 2 Bytes [87, 71] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] user32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 003F00A8 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] user32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 003F00E4 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] user32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 003F0120 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] user32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 003F0030 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] user32.dll!RegisterHotKey 75EEBDA5 3 Bytes [FF, 25, 1E] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] user32.dll!RegisterHotKey + 4 75EEBDA9 2 Bytes [8A, 71] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] user32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 003F006C .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] user32.dll!ExitWindowsEx 75F2B7C3 6 Bytes JMP 71A30F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] user32.dll!DdeClientTransaction 75F42005 6 Bytes JMP 718E0F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] GDI32.dll!DeleteDC 762B68CD 6 Bytes JMP 717F0F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] GDI32.dll!BitBlt 762B70A6 6 Bytes JMP 717C0F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] GDI32.dll!CreateDCW 762BA91D 6 Bytes JMP 71820F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] GDI32.dll!CreateDCA 762BAA49 6 Bytes JMP 71850F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] ADVAPI32.dll!CreateServiceW 765A9EB4 6 Bytes JMP 0048006C .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 004800A8 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 004801D4 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 004800E4 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00480120 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0048015C .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00480198 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] ADVAPI32.dll!CreateServiceA 765E72A1 6 Bytes JMP 00480030 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] WS2_32.dll!socket 766336D1 6 Bytes JMP 71AF0F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] IPHLPAPI.DLL!IcmpSendEcho2Ex 751E96D8 6 Bytes JMP 719D0F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] IPHLPAPI.DLL!IcmpSendEcho2 751E9C2D 6 Bytes JMP 71A00F5A .text C:\Windows\system32\wbem\wmiprvse.exe[3840] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00050030 .text C:\Windows\system32\wbem\wmiprvse.exe[3840] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0005006C .text C:\Windows\system32\wbem\wmiprvse.exe[3840] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\wbem\wmiprvse.exe[3840] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\wbem\wmiprvse.exe[3840] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\wbem\wmiprvse.exe[3840] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\wbem\wmiprvse.exe[3840] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00070120 .text C:\Windows\system32\wbem\wmiprvse.exe[3840] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0007015C .text C:\Windows\system32\wbem\wmiprvse.exe[3840] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00070198 .text C:\Windows\system32\wbem\wmiprvse.exe[3840] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 00070030 .text C:\Windows\system32\wbem\wmiprvse.exe[3840] USER32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 008C00A8 .text C:\Windows\system32\wbem\wmiprvse.exe[3840] USER32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 008C00E4 .text C:\Windows\system32\wbem\wmiprvse.exe[3840] USER32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 008C0120 .text C:\Windows\system32\wbem\wmiprvse.exe[3840] USER32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 008C0030 .text C:\Windows\system32\wbem\wmiprvse.exe[3840] USER32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 008C006C .text C:\Program Files\Online Armor\OAhlp.exe[3876] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00150030 .text C:\Program Files\Online Armor\OAhlp.exe[3876] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0015006C .text C:\Program Files\Online Armor\OAhlp.exe[3876] user32.dll!LoadStringA 75EE6243 6 Bytes JMP 71AF0F5A .text C:\Program Files\Online Armor\OAhlp.exe[3876] user32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 003000A8 .text C:\Program Files\Online Armor\OAhlp.exe[3876] user32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 003000E4 .text C:\Program Files\Online Armor\OAhlp.exe[3876] user32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 00300120 .text C:\Program Files\Online Armor\OAhlp.exe[3876] user32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 00300030 .text C:\Program Files\Online Armor\OAhlp.exe[3876] user32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 0030006C .text C:\Program Files\Online Armor\OAhlp.exe[3876] user32.dll!LoadStringW 75EF9CCB 6 Bytes JMP 71A90F5A .text C:\Program Files\Online Armor\OAhlp.exe[3876] ADVAPI32.dll!CreateServiceW 765A9EB4 5 Bytes JMP 0031006C .text C:\Program Files\Online Armor\OAhlp.exe[3876] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 003100A8 .text C:\Program Files\Online Armor\OAhlp.exe[3876] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 003101D4 .text C:\Program Files\Online Armor\OAhlp.exe[3876] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 003100E4 .text C:\Program Files\Online Armor\OAhlp.exe[3876] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 00310120 .text C:\Program Files\Online Armor\OAhlp.exe[3876] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 0031015C .text C:\Program Files\Online Armor\OAhlp.exe[3876] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 00310198 .text C:\Program Files\Online Armor\OAhlp.exe[3876] ADVAPI32.dll!CreateServiceA 765E72A1 5 Bytes JMP 00310030 .text C:\Windows\system32\PhotoScreensaver.scr[3992] ntdll.dll!LdrLoadDll 774793A8 5 Bytes JMP 00050030 .text C:\Windows\system32\PhotoScreensaver.scr[3992] ntdll.dll!LdrUnloadDll 7748B740 5 Bytes JMP 0005006C .text C:\Windows\system32\PhotoScreensaver.scr[3992] ntdll.dll!NtCreateSymbolicLinkObject 774B4334 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\PhotoScreensaver.scr[3992] ntdll.dll!NtCreateSymbolicLinkObject + 4 774B4338 2 Bytes [78, 71] {JS 0x73} .text C:\Windows\system32\PhotoScreensaver.scr[3992] ntdll.dll!NtOpenFile 774B4A04 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\PhotoScreensaver.scr[3992] ntdll.dll!NtOpenFile + 4 774B4A08 2 Bytes [75, 71] {JNZ 0x73} .text C:\Windows\system32\PhotoScreensaver.scr[3992] kernel32.dll!CreateProcessW 75CE1BF3 6 Bytes JMP 71A60F5A .text C:\Windows\system32\PhotoScreensaver.scr[3992] kernel32.dll!CreateProcessA 75CE1C28 6 Bytes JMP 71A90F5A .text C:\Windows\system32\PhotoScreensaver.scr[3992] kernel32.dll!LoadLibraryW 75D09362 6 Bytes JMP 71700F5A .text C:\Windows\system32\PhotoScreensaver.scr[3992] kernel32.dll!LoadLibraryA 75D094DC 6 Bytes JMP 71730F5A .text C:\Windows\system32\PhotoScreensaver.scr[3992] kernel32.dll!CloseHandle 75D2AE8D 6 Bytes JMP 71970F5A .text C:\Windows\system32\PhotoScreensaver.scr[3992] kernel32.dll!CreateFileW 75D2AECB 6 Bytes JMP 719A0F5A .text C:\Windows\system32\PhotoScreensaver.scr[3992] user32.dll!RegisterRawInputDevices 75EE6161 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\PhotoScreensaver.scr[3992] user32.dll!RegisterRawInputDevices + 4 75EE6165 2 Bytes [87, 71] .text C:\Windows\system32\PhotoScreensaver.scr[3992] user32.dll!SetWindowsHookExA 75EE6322 5 Bytes JMP 002E00A8 .text C:\Windows\system32\PhotoScreensaver.scr[3992] user32.dll!SetWindowsHookExW 75EE87AD 5 Bytes JMP 002E00E4 .text C:\Windows\system32\PhotoScreensaver.scr[3992] user32.dll!UnhookWindowsHookEx 75EE98DB 5 Bytes JMP 002E0120 .text C:\Windows\system32\PhotoScreensaver.scr[3992] user32.dll!SetWinEventHook 75EE9F3A 5 Bytes JMP 002E0030 .text C:\Windows\system32\PhotoScreensaver.scr[3992] user32.dll!RegisterHotKey 75EEBDA5 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\PhotoScreensaver.scr[3992] user32.dll!RegisterHotKey + 4 75EEBDA9 2 Bytes [8A, 71] .text C:\Windows\system32\PhotoScreensaver.scr[3992] user32.dll!UnhookWinEvent 75EEC06F 5 Bytes JMP 002E006C .text C:\Windows\system32\PhotoScreensaver.scr[3992] user32.dll!ExitWindowsEx 75F2B7C3 6 Bytes JMP 71A30F5A .text C:\Windows\system32\PhotoScreensaver.scr[3992] user32.dll!DdeClientTransaction 75F42005 6 Bytes JMP 718E0F5A .text C:\Windows\system32\PhotoScreensaver.scr[3992] GDI32.dll!DeleteDC 762B68CD 6 Bytes JMP 717F0F5A .text C:\Windows\system32\PhotoScreensaver.scr[3992] GDI32.dll!BitBlt 762B70A6 6 Bytes JMP 717C0F5A .text C:\Windows\system32\PhotoScreensaver.scr[3992] GDI32.dll!CreateDCW 762BA91D 6 Bytes JMP 71820F5A .text C:\Windows\system32\PhotoScreensaver.scr[3992] GDI32.dll!CreateDCA 762BAA49 6 Bytes JMP 71850F5A .text C:\Windows\system32\PhotoScreensaver.scr[3992] ADVAPI32.dll!CreateServiceW 765A9EB4 6 Bytes JMP 002F006C .text C:\Windows\system32\PhotoScreensaver.scr[3992] ADVAPI32.dll!DeleteService 765AA07E 5 Bytes JMP 002F00A8 .text C:\Windows\system32\PhotoScreensaver.scr[3992] ADVAPI32.dll!SetServiceObjectSecurity 765E6CD9 5 Bytes JMP 002F01D4 .text C:\Windows\system32\PhotoScreensaver.scr[3992] ADVAPI32.dll!ChangeServiceConfigA 765E6DD9 5 Bytes JMP 002F00E4 .text C:\Windows\system32\PhotoScreensaver.scr[3992] ADVAPI32.dll!ChangeServiceConfigW 765E6F81 5 Bytes JMP 002F0120 .text C:\Windows\system32\PhotoScreensaver.scr[3992] ADVAPI32.dll!ChangeServiceConfig2A 765E7099 5 Bytes JMP 002F015C .text C:\Windows\system32\PhotoScreensaver.scr[3992] ADVAPI32.dll!ChangeServiceConfig2W 765E71E1 5 Bytes JMP 002F0198 .text C:\Windows\system32\PhotoScreensaver.scr[3992] ADVAPI32.dll!CreateServiceA 765E72A1 6 Bytes JMP 002F0030 .text C:\Windows\system32\PhotoScreensaver.scr[3992] WS2_32.dll!socket 766336D1 6 Bytes JMP 71AF0F5A .text C:\Windows\system32\PhotoScreensaver.scr[3992] IPHLPAPI.DLL!IcmpSendEcho2Ex 751E96D8 6 Bytes JMP 719D0F5A .text C:\Windows\system32\PhotoScreensaver.scr[3992] IPHLPAPI.DLL!IcmpSendEcho2 751E9C2D 6 Bytes JMP 71A00F5A ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Online Armor\oasrv.exe[1724] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01050000 IAT C:\Windows\system32\taskeng.exe[1796] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001A0000 IAT C:\Windows\system32\Dwm.exe[2800] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001F0000 IAT C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2868] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001C0000 IAT C:\WINDOWS\System32\rundll32.exe[3056] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00120000 IAT C:\Users\Megatron\Downloads\Misc\Report Instruments\gmer\gmer.exe[3112] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003C0000 IAT C:\Windows\Explorer.EXE[3188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73FA7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73FFA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73FABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73F9F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73FA75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73F9E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73FD8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73FADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73F9FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73F9FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73F971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7402CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73FCC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73F9D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73F96853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73F9687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73FA2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3188] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003F0000 IAT C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3256] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003A0000 IAT C:\Program Files\Online Armor\oaui.exe[3260] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01AC0000 IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3440] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001F0000 IAT C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3656] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003C0000 IAT C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3676] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003B0000 IAT C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3828] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003C0000 IAT C:\Program Files\Online Armor\OAhlp.exe[3876] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01630000 IAT C:\Windows\system32\PhotoScreensaver.scr[3992] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 002B0000 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation) Device \Driver\tdx \Device\Tcp OAmon.sys Device \Driver\tdx \Device\RawIp6 OAmon.sys Device \Driver\tdx \Device\Tcp6 OAmon.sys Device \Driver\tdx \Device\Tdx OAmon.sys Device \Driver\tdx \Device\Udp OAmon.sys Device \Driver\tdx \Device\RawIp OAmon.sys Device \Driver\tdx \Device\Udp6 OAmon.sys ---- Processes - GMER 1.0.15 ---- Process bash.exe (*** hidden *** ) 3920 ---- Files - GMER 1.0.15 ---- File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\buttons 0 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\buttons\blanhome.gif 3482 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\buttons\blannext.gif 3301 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\buttons\blantoc.gif 3555 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\buttons\blantop.gif 3322 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\htm 0 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\htm\apa.htm 149482 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\htm\apb.htm 67189 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\htm\apc.htm 116098 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\htm\ch01.htm 32977 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\htm\ch02.htm 52800 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\htm\ch03.htm 93415 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\htm\ch04.htm 77014 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\htm\ch05.htm 176008 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\htm\ch06.htm 95546 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\htm\ch07.htm 78144 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\htm\ch07wk1.htm 14925 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\htm\ch08.htm 71674 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\htm\ch09.htm 128205 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\htm\ch10.htm 96582 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\htm\ch11.htm 88714 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\htm\ch12.htm 114104 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\htm\ch13.htm 68551 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\htm\ch14.htm 134309 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\htm\ch14wk2.htm 15308 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\htm\ch15.htm 62069 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\htm\ch16.htm 55981 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\htm\ch17.htm 58516 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\htm\ch18.htm 102706 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\htm\ch19.htm 93047 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\htm\ch20.htm 60856 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\htm\ch21.htm 166931 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\htm\ch21wk3.htm 18615 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\HTML Books\(Ebook - Html) Teach Yourself Perl In 21 Days\Teach Yourself Database Programming With Vb 5\Books\Teach Yourself Database programming with Visual basic 5 in 21day\htm\fm.htm 22607 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\Visual Basic Ebooks and Tutorials\Programming Microsoft Visual Basic 6 Ebook Edition-1\Programming.Microsoft.Visual.Basic.6.Ebook.Edition-JGT\jgt-pmba\file_id.diz 478 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\Visual Basic Ebooks and Tutorials\Programming Microsoft Visual Basic 6 Ebook Edition-1\Programming.Microsoft.Visual.Basic.6.Ebook.Edition-JGT\jgt-pmba\jgt-pvb6.ace 1456000 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\Visual Basic Ebooks and Tutorials\Programming Microsoft Visual Basic 6 Ebook Edition-1\Programming.Microsoft.Visual.Basic.6.Ebook.Edition-JGT\jgt-pmba\jgt.nfo 13651 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\Visual Basic Ebooks and Tutorials\Programming Microsoft Visual Basic 6 Ebook Edition-1\Programming.Microsoft.Visual.Basic.6.Ebook.Edition-JGT\jgt-pmbb\file_id.diz 478 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\Visual Basic Ebooks and Tutorials\Programming Microsoft Visual Basic 6 Ebook Edition-1\Programming.Microsoft.Visual.Basic.6.Ebook.Edition-JGT\jgt-pmbb\jgt-pvb6.c00 1456000 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\Visual Basic Ebooks and Tutorials\Programming Microsoft Visual Basic 6 Ebook Edition-1\Programming.Microsoft.Visual.Basic.6.Ebook.Edition-JGT\jgt-pmbc\file_id.diz 478 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\Visual Basic Ebooks and Tutorials\Programming Microsoft Visual Basic 6 Ebook Edition-1\Programming.Microsoft.Visual.Basic.6.Ebook.Edition-JGT\jgt-pmbc\jgt-pvb6.c01 1456000 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\Visual Basic Ebooks and Tutorials\Programming Microsoft Visual Basic 6 Ebook Edition-1\Programming.Microsoft.Visual.Basic.6.Ebook.Edition-JGT\jgt-pmbd\file_id.diz 478 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\Visual Basic Ebooks and Tutorials\Programming Microsoft Visual Basic 6 Ebook Edition-1\Programming.Microsoft.Visual.Basic.6.Ebook.Edition-JGT\jgt-pmbd\jgt-pvb6.c02 1456000 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\Visual Basic Ebooks and Tutorials\Programming Microsoft Visual Basic 6 Ebook Edition-1\Programming.Microsoft.Visual.Basic.6.Ebook.Edition-JGT\jgt-pmbe\file_id.diz 478 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\Visual Basic Ebooks and Tutorials\Programming Microsoft Visual Basic 6 Ebook Edition-1\Programming.Microsoft.Visual.Basic.6.Ebook.Edition-JGT\jgt-pmbe\jgt-pvb6.c03 1456000 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\Visual Basic Ebooks and Tutorials\Programming Microsoft Visual Basic 6 Ebook Edition-1\Programming.Microsoft.Visual.Basic.6.Ebook.Edition-JGT\jgt-pmbf\file_id.diz 478 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\Visual Basic Ebooks and Tutorials\Programming Microsoft Visual Basic 6 Ebook Edition-1\Programming.Microsoft.Visual.Basic.6.Ebook.Edition-JGT\jgt-pmbf\jgt-pvb6.c04 1456000 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\Visual Basic Ebooks and Tutorials\Programming Microsoft Visual Basic 6 Ebook Edition-1\Programming.Microsoft.Visual.Basic.6.Ebook.Edition-JGT\jgt-pmbg\file_id.diz 478 bytes File C:\Users\Megatron\Documents\Documents\Personal Files\Books\eBooks & Texts\Computers\Technical\Programming\Visual Basic Ebooks and Tutorials\Programming Microsoft Visual Basic 6 Ebook Edition-1\Programming.Microsoft.Visual.Basic.6.Ebook.Edition-JGT\jgt-pmbg\jgt-pvb6.c05 1456000 bytes ---- EOF - GMER 1.0.15 ----
  12. I tried it without the firewall worked fine also going to forum for malware removal of the BASH.exe File!