GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-02-12 17:21:18 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1200JB-00FUA0 rev.15.05R15 Running: p72zczem.exe; Driver: C:\Users\Seweryn\AppData\Local\Temp\ufldapow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x91621FC4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x91624456] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x916244AE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x916245C4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x916243AC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x916244FE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x91624400] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x91624572] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x91621FE8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x91621DB2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x9162200C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x916249BC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x91622AA4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x91624486] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x916244D6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x916245EE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x916243D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x9162453E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9162442E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x9162459C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x9162296A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x91622030] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x91622054] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x91621E0C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x91621F48] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x91621F24] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x91621F6C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x91622078] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x91C7F7A2] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 10D 832EC890 4 Bytes [C4, 1F, 62, 91] .text ntkrnlpa.exe!KeSetEvent + 1D1 832EC954 8 Bytes [56, 44, 62, 91, AE, 44, 62, ...] {PUSH ESI; INC ESP; BOUND EDX, [ECX-0x6e9dbb52]} .text ntkrnlpa.exe!KeSetEvent + 1DD 832EC960 4 Bytes [C4, 45, 62, 91] {LES EAX, DWORD [EBP+0x62]; XCHG ECX, EAX} .text ntkrnlpa.exe!KeSetEvent + 1F5 832EC978 4 Bytes [AC, 43, 62, 91] .text ntkrnlpa.exe!KeSetEvent + 215 832EC998 8 Bytes [FE, 44, 62, 91, 00, 44, 62, ...] {INC BYTE [EDX-0x6f]; ADD [EDX-0x6f], AL} .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8341762F 5 Bytes JMP 91C7C69C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 83470543 5 Bytes JMP 91C7E15C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 83479E68 4 Bytes CALL 91623025 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 8347DADC 4 Bytes CALL 9162303B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 834D1DCA 7 Bytes JMP 91C7F7A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F607340, 0x4128C7, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[252] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 001501F8 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[252] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 001503FC .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[252] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[252] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00170600 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[252] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00170804 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[252] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00170A08 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[252] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[252] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 001703FC .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[252] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 001803FC .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[252] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00180600 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[252] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00181014 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[252] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00180804 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[252] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00180A08 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[252] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00180C0C .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[252] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00180E10 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[252] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 001801F8 .text C:\Windows\system32\csrss.exe[576] KERNEL32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\system32\wininit.exe[628] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000301F8 .text C:\Windows\system32\wininit.exe[628] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000303FC .text C:\Windows\system32\wininit.exe[628] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\system32\wininit.exe[628] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000503FC .text C:\Windows\system32\wininit.exe[628] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00050600 .text C:\Windows\system32\wininit.exe[628] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00051014 .text C:\Windows\system32\wininit.exe[628] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00050804 .text C:\Windows\system32\wininit.exe[628] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00050A08 .text C:\Windows\system32\wininit.exe[628] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00050C0C .text C:\Windows\system32\wininit.exe[628] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00050E10 .text C:\Windows\system32\wininit.exe[628] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000501F8 .text C:\Windows\system32\wininit.exe[628] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00060600 .text C:\Windows\system32\wininit.exe[628] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00060804 .text C:\Windows\system32\wininit.exe[628] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00060A08 .text C:\Windows\system32\wininit.exe[628] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 000601F8 .text C:\Windows\system32\wininit.exe[628] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 000603FC .text C:\Windows\system32\csrss.exe[640] KERNEL32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\system32\services.exe[672] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000501F8 .text C:\Windows\system32\services.exe[672] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000503FC .text C:\Windows\system32\services.exe[672] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\system32\services.exe[672] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\services.exe[672] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\services.exe[672] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\services.exe[672] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\services.exe[672] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\services.exe[672] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00070C0C .text C:\Windows\system32\services.exe[672] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\services.exe[672] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\services.exe[672] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00080600 .text C:\Windows\system32\services.exe[672] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00080804 .text C:\Windows\system32\services.exe[672] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\services.exe[672] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\services.exe[672] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\lsass.exe[684] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000501F8 .text C:\Windows\system32\lsass.exe[684] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000503FC .text C:\Windows\system32\lsass.exe[684] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00070C0C .text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\lsass.exe[684] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00090600 .text C:\Windows\system32\lsass.exe[684] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00090804 .text C:\Windows\system32\lsass.exe[684] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00090A08 .text C:\Windows\system32\lsass.exe[684] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 000901F8 .text C:\Windows\system32\lsass.exe[684] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 000903FC .text C:\Windows\system32\lsm.exe[692] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000501F8 .text C:\Windows\system32\lsm.exe[692] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000503FC .text C:\Windows\system32\lsm.exe[692] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00070C0C .text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\lsm.exe[692] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\winlogon.exe[744] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000301F8 .text C:\Windows\system32\winlogon.exe[744] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000303FC .text C:\Windows\system32\winlogon.exe[744] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\system32\winlogon.exe[744] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000603FC .text C:\Windows\system32\winlogon.exe[744] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00060600 .text C:\Windows\system32\winlogon.exe[744] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00061014 .text C:\Windows\system32\winlogon.exe[744] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00060804 .text C:\Windows\system32\winlogon.exe[744] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00060A08 .text C:\Windows\system32\winlogon.exe[744] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00060C0C .text C:\Windows\system32\winlogon.exe[744] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00060E10 .text C:\Windows\system32\winlogon.exe[744] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000601F8 .text C:\Windows\system32\winlogon.exe[744] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00070600 .text C:\Windows\system32\winlogon.exe[744] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00070804 .text C:\Windows\system32\winlogon.exe[744] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00070A08 .text C:\Windows\system32\winlogon.exe[744] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 000701F8 .text C:\Windows\system32\winlogon.exe[744] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 000703FC .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[860] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[864] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[864] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[864] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[864] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[864] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00170600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[864] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00171014 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[864] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00170804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[864] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00170A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[864] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00170C0C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[864] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00170E10 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[864] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[864] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[864] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[864] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[864] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[864] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 001803FC .text C:\Windows\system32\svchost.exe[896] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[896] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[896] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000701F8 .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[940] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 001401F8 .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[940] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 001403FC .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[940] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[940] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00170600 .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[940] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00170804 .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[940] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00170A08 .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[940] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[940] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 001703FC .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[940] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 001803FC .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[940] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00180600 .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[940] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00181014 .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[940] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00180804 .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[940] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00180A08 .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[940] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00180C0C .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[940] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00180E10 .text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[940] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 001801F8 .text C:\Windows\system32\nvvsvc.exe[1084] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 001501F8 .text C:\Windows\system32\nvvsvc.exe[1084] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 001503FC .text C:\Windows\system32\nvvsvc.exe[1084] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\system32\nvvsvc.exe[1084] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00170600 .text C:\Windows\system32\nvvsvc.exe[1084] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00170804 .text C:\Windows\system32\nvvsvc.exe[1084] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00170A08 .text C:\Windows\system32\nvvsvc.exe[1084] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 001701F8 .text C:\Windows\system32\nvvsvc.exe[1084] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 001703FC .text C:\Windows\system32\nvvsvc.exe[1084] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 001803FC .text C:\Windows\system32\nvvsvc.exe[1084] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00180600 .text C:\Windows\system32\nvvsvc.exe[1084] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00181014 .text C:\Windows\system32\nvvsvc.exe[1084] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00180804 .text C:\Windows\system32\nvvsvc.exe[1084] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00180A08 .text C:\Windows\system32\nvvsvc.exe[1084] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00180C0C .text C:\Windows\system32\nvvsvc.exe[1084] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00180E10 .text C:\Windows\system32\nvvsvc.exe[1084] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 001801F8 .text C:\Windows\system32\svchost.exe[1112] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1112] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1112] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1112] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00130600 .text C:\Windows\system32\svchost.exe[1112] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00130804 .text C:\Windows\system32\svchost.exe[1112] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00130A08 .text C:\Windows\system32\svchost.exe[1112] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 001301F8 .text C:\Windows\system32\svchost.exe[1112] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 001303FC .text C:\Windows\System32\svchost.exe[1168] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[1168] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[1168] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000B03FC .text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 000B0600 .text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 000B1014 .text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 000B0804 .text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 000B0A08 .text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 000B0C0C .text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 000B0E10 .text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000B01F8 .text C:\Windows\System32\svchost.exe[1168] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 001A0600 .text C:\Windows\System32\svchost.exe[1168] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 001A0804 .text C:\Windows\System32\svchost.exe[1168] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 001A0A08 .text C:\Windows\System32\svchost.exe[1168] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 001A01F8 .text C:\Windows\System32\svchost.exe[1168] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 001A03FC .text C:\Windows\System32\svchost.exe[1240] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000901F8 .text C:\Windows\System32\svchost.exe[1240] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000903FC .text C:\Windows\System32\svchost.exe[1240] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\System32\svchost.exe[1240] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000B03FC .text C:\Windows\System32\svchost.exe[1240] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 000B0600 .text C:\Windows\System32\svchost.exe[1240] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 000B1014 .text C:\Windows\System32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 000B0804 .text C:\Windows\System32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 000B0A08 .text C:\Windows\System32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 000B0C0C .text C:\Windows\System32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 000B0E10 .text C:\Windows\System32\svchost.exe[1240] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000B01F8 .text C:\Windows\System32\svchost.exe[1240] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00970600 .text C:\Windows\System32\svchost.exe[1240] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00970804 .text C:\Windows\System32\svchost.exe[1240] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00970A08 .text C:\Windows\System32\svchost.exe[1240] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 009701F8 .text C:\Windows\System32\svchost.exe[1240] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 009703FC .text C:\Windows\System32\svchost.exe[1272] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[1272] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[1272] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\System32\svchost.exe[1272] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[1272] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[1272] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[1272] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\svchost.exe[1272] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 01220600 .text C:\Windows\System32\svchost.exe[1272] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 01220804 .text C:\Windows\System32\svchost.exe[1272] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 01220A08 .text C:\Windows\System32\svchost.exe[1272] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 012201F8 .text C:\Windows\System32\svchost.exe[1272] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 012203FC .text C:\WINDOWS\RtHDVCpl.exe[1284] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 001501F8 .text C:\WINDOWS\RtHDVCpl.exe[1284] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 001503FC .text C:\WINDOWS\RtHDVCpl.exe[1284] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\WINDOWS\RtHDVCpl.exe[1284] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 002703FC .text C:\WINDOWS\RtHDVCpl.exe[1284] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00270600 .text C:\WINDOWS\RtHDVCpl.exe[1284] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00271014 .text C:\WINDOWS\RtHDVCpl.exe[1284] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00270804 .text C:\WINDOWS\RtHDVCpl.exe[1284] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00270A08 .text C:\WINDOWS\RtHDVCpl.exe[1284] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00270C0C .text C:\WINDOWS\RtHDVCpl.exe[1284] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00270E10 .text C:\WINDOWS\RtHDVCpl.exe[1284] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 002701F8 .text C:\WINDOWS\RtHDVCpl.exe[1284] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00280600 .text C:\WINDOWS\RtHDVCpl.exe[1284] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00280804 .text C:\WINDOWS\RtHDVCpl.exe[1284] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00280A08 .text C:\WINDOWS\RtHDVCpl.exe[1284] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 002801F8 .text C:\WINDOWS\RtHDVCpl.exe[1284] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 002803FC .text C:\Windows\system32\svchost.exe[1308] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1308] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1308] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1308] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1308] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[1308] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[1308] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1308] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00AB0600 .text C:\Windows\system32\svchost.exe[1308] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00AB0804 .text C:\Windows\system32\svchost.exe[1308] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00AB0A08 .text C:\Windows\system32\svchost.exe[1308] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 00AB01F8 .text C:\Windows\system32\svchost.exe[1308] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 00AB03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000501F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000503FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00070600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00070804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00070A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 000703FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00080600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00081014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00080804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00080A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00080C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00080E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000801F8 .text C:\Windows\system32\AUDIODG.EXE[1408] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1432] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000901F8 .text C:\Windows\system32\svchost.exe[1432] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000903FC .text C:\Windows\system32\svchost.exe[1432] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000B01F8 .text C:\Windows\notepad.exe[1472] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000901F8 .text C:\Windows\notepad.exe[1472] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000903FC .text C:\Windows\notepad.exe[1472] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\notepad.exe[1472] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000B03FC .text C:\Windows\notepad.exe[1472] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 000B0600 .text C:\Windows\notepad.exe[1472] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 000B1014 .text C:\Windows\notepad.exe[1472] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 000B0804 .text C:\Windows\notepad.exe[1472] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 000B0A08 .text C:\Windows\notepad.exe[1472] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 000B0C0C .text C:\Windows\notepad.exe[1472] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 000B0E10 .text C:\Windows\notepad.exe[1472] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000B01F8 .text C:\Windows\notepad.exe[1472] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 000C0600 .text C:\Windows\notepad.exe[1472] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 000C0804 .text C:\Windows\notepad.exe[1472] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 000C0A08 .text C:\Windows\notepad.exe[1472] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 000C01F8 .text C:\Windows\notepad.exe[1472] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 000C03FC .text C:\Windows\system32\svchost.exe[1484] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1484] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1484] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1484] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00BF0600 .text C:\Windows\system32\svchost.exe[1484] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00BF0804 .text C:\Windows\system32\svchost.exe[1484] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00BF0A08 .text C:\Windows\system32\svchost.exe[1484] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 00BF01F8 .text C:\Windows\system32\svchost.exe[1484] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 00BF03FC .text C:\Windows\System32\spoolsv.exe[1520] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000501F8 .text C:\Windows\System32\spoolsv.exe[1520] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000503FC .text C:\Windows\System32\spoolsv.exe[1520] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1520] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000803FC .text C:\Windows\System32\spoolsv.exe[1520] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00080600 .text C:\Windows\System32\spoolsv.exe[1520] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00081014 .text C:\Windows\System32\spoolsv.exe[1520] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00080804 .text C:\Windows\System32\spoolsv.exe[1520] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00080A08 .text C:\Windows\System32\spoolsv.exe[1520] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00080C0C .text C:\Windows\System32\spoolsv.exe[1520] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00080E10 .text C:\Windows\System32\spoolsv.exe[1520] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000801F8 .text C:\Windows\System32\spoolsv.exe[1520] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00100600 .text C:\Windows\System32\spoolsv.exe[1520] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00100804 .text C:\Windows\System32\spoolsv.exe[1520] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00100A08 .text C:\Windows\System32\spoolsv.exe[1520] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 001001F8 .text C:\Windows\System32\spoolsv.exe[1520] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 001003FC .text C:\Windows\system32\rundll32.exe[1624] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000601F8 .text C:\Windows\system32\rundll32.exe[1624] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000603FC .text C:\Windows\system32\rundll32.exe[1624] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\system32\rundll32.exe[1624] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00170600 .text C:\Windows\system32\rundll32.exe[1624] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00170804 .text C:\Windows\system32\rundll32.exe[1624] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00170A08 .text C:\Windows\system32\rundll32.exe[1624] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 001701F8 .text C:\Windows\system32\rundll32.exe[1624] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 001703FC .text C:\Windows\system32\rundll32.exe[1624] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 001C03FC .text C:\Windows\system32\rundll32.exe[1624] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 001C0600 .text C:\Windows\system32\rundll32.exe[1624] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 001C1014 .text C:\Windows\system32\rundll32.exe[1624] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 001C0804 .text C:\Windows\system32\rundll32.exe[1624] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 001C0A08 .text C:\Windows\system32\rundll32.exe[1624] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 001C0C0C .text C:\Windows\system32\rundll32.exe[1624] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 001C0E10 .text C:\Windows\system32\rundll32.exe[1624] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 001C01F8 .text C:\Program Files\NetWorx\networx.exe[1640] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 001501F8 .text C:\Program Files\NetWorx\networx.exe[1640] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 001503FC .text C:\Program Files\NetWorx\networx.exe[1640] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Program Files\NetWorx\networx.exe[1640] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00170600 .text C:\Program Files\NetWorx\networx.exe[1640] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00170804 .text C:\Program Files\NetWorx\networx.exe[1640] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00170A08 .text C:\Program Files\NetWorx\networx.exe[1640] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 001701F8 .text C:\Program Files\NetWorx\networx.exe[1640] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 001703FC .text C:\Program Files\NetWorx\networx.exe[1640] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 001803FC .text C:\Program Files\NetWorx\networx.exe[1640] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00180600 .text C:\Program Files\NetWorx\networx.exe[1640] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00181014 .text C:\Program Files\NetWorx\networx.exe[1640] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00180804 .text C:\Program Files\NetWorx\networx.exe[1640] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00180A08 .text C:\Program Files\NetWorx\networx.exe[1640] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00180C0C .text C:\Program Files\NetWorx\networx.exe[1640] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00180E10 .text C:\Program Files\NetWorx\networx.exe[1640] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 001801F8 .text C:\Windows\system32\svchost.exe[1760] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000901F8 .text C:\Windows\system32\svchost.exe[1760] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000903FC .text C:\Windows\system32\svchost.exe[1760] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1760] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\svchost.exe[1760] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\svchost.exe[1760] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\svchost.exe[1760] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\svchost.exe[1760] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\svchost.exe[1760] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\svchost.exe[1760] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\svchost.exe[1760] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\svchost.exe[1760] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00100600 .text C:\Windows\system32\svchost.exe[1760] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00100804 .text C:\Windows\system32\svchost.exe[1760] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00100A08 .text C:\Windows\system32\svchost.exe[1760] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 001001F8 .text C:\Windows\system32\svchost.exe[1760] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 001003FC .text C:\WINDOWS\System32\rundll32.exe[1792] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000601F8 .text C:\WINDOWS\System32\rundll32.exe[1792] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000603FC .text C:\WINDOWS\System32\rundll32.exe[1792] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\WINDOWS\System32\rundll32.exe[1792] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00070600 .text C:\WINDOWS\System32\rundll32.exe[1792] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00070804 .text C:\WINDOWS\System32\rundll32.exe[1792] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00070A08 .text C:\WINDOWS\System32\rundll32.exe[1792] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 000701F8 .text C:\WINDOWS\System32\rundll32.exe[1792] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 000703FC .text C:\WINDOWS\System32\rundll32.exe[1792] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000803FC .text C:\WINDOWS\System32\rundll32.exe[1792] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00080600 .text C:\WINDOWS\System32\rundll32.exe[1792] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00081014 .text C:\WINDOWS\System32\rundll32.exe[1792] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00080804 .text C:\WINDOWS\System32\rundll32.exe[1792] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00080A08 .text C:\WINDOWS\System32\rundll32.exe[1792] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00080C0C .text C:\WINDOWS\System32\rundll32.exe[1792] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00080E10 .text C:\WINDOWS\System32\rundll32.exe[1792] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[1808] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskeng.exe[1808] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000503FC .text C:\Windows\system32\taskeng.exe[1808] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\system32\taskeng.exe[1808] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[1808] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[1808] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[1808] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[1808] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[1808] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[1808] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[1808] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[1808] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[1808] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[1808] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[1808] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[1808] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 000803FC .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1872] kernel32.dll!SetUnhandledExceptionFilter 76C7A8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1872] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000901F8 .text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000903FC .text C:\Windows\system32\Dwm.exe[2000] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000C03FC .text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 000C0600 .text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 000C1014 .text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 000C0804 .text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 000C0A08 .text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 000C0C0C .text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 000C0E10 .text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000C01F8 .text C:\Windows\system32\Dwm.exe[2000] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 000D0600 .text C:\Windows\system32\Dwm.exe[2000] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 000D0804 .text C:\Windows\system32\Dwm.exe[2000] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 000D0A08 .text C:\Windows\system32\Dwm.exe[2000] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 000D01F8 .text C:\Windows\system32\Dwm.exe[2000] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 000D03FC .text C:\Windows\Explorer.EXE[2032] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000501F8 .text C:\Windows\Explorer.EXE[2032] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000503FC .text C:\Windows\Explorer.EXE[2032] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\Explorer.EXE[2032] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000B03FC .text C:\Windows\Explorer.EXE[2032] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 000B0600 .text C:\Windows\Explorer.EXE[2032] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 000B1014 .text C:\Windows\Explorer.EXE[2032] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 000B0804 .text C:\Windows\Explorer.EXE[2032] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 000B0A08 .text C:\Windows\Explorer.EXE[2032] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 000B0C0C .text C:\Windows\Explorer.EXE[2032] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 000B0E10 .text C:\Windows\Explorer.EXE[2032] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000B01F8 .text C:\Windows\Explorer.EXE[2032] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 000C0600 .text C:\Windows\Explorer.EXE[2032] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 000C0804 .text C:\Windows\Explorer.EXE[2032] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 000C0A08 .text C:\Windows\Explorer.EXE[2032] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 000C01F8 .text C:\Windows\Explorer.EXE[2032] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 000C03FC .text C:\Windows\system32\svchost.exe[2068] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000901F8 .text C:\Windows\system32\svchost.exe[2068] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000903FC .text C:\Windows\system32\svchost.exe[2068] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\system32\svchost.exe[2068] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\svchost.exe[2068] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\svchost.exe[2068] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\svchost.exe[2068] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\svchost.exe[2068] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\svchost.exe[2068] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\svchost.exe[2068] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\svchost.exe[2068] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\svchost.exe[2068] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00A40600 .text C:\Windows\system32\svchost.exe[2068] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00A40804 .text C:\Windows\system32\svchost.exe[2068] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00A40A08 .text C:\Windows\system32\svchost.exe[2068] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 00A401F8 .text C:\Windows\system32\svchost.exe[2068] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 00A403FC .text C:\Windows\system32\taskeng.exe[2096] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskeng.exe[2096] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000503FC .text C:\Windows\system32\taskeng.exe[2096] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\system32\taskeng.exe[2096] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[2096] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[2096] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[2096] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[2096] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[2096] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[2096] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[2096] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[2096] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[2096] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[2096] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[2096] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[2096] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 000803FC .text C:\Program Files\Google\Update\GoogleUpdate.exe[2112] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 001601F8 .text C:\Program Files\Google\Update\GoogleUpdate.exe[2112] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 001603FC .text C:\Program Files\Google\Update\GoogleUpdate.exe[2112] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Program Files\Google\Update\GoogleUpdate.exe[2112] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00170600 .text C:\Program Files\Google\Update\GoogleUpdate.exe[2112] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00170804 .text C:\Program Files\Google\Update\GoogleUpdate.exe[2112] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00170A08 .text C:\Program Files\Google\Update\GoogleUpdate.exe[2112] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Google\Update\GoogleUpdate.exe[2112] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 001703FC .text C:\Program Files\Google\Update\GoogleUpdate.exe[2112] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 001803FC .text C:\Program Files\Google\Update\GoogleUpdate.exe[2112] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00180600 .text C:\Program Files\Google\Update\GoogleUpdate.exe[2112] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00181014 .text C:\Program Files\Google\Update\GoogleUpdate.exe[2112] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00180804 .text C:\Program Files\Google\Update\GoogleUpdate.exe[2112] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00180A08 .text C:\Program Files\Google\Update\GoogleUpdate.exe[2112] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00180C0C .text C:\Program Files\Google\Update\GoogleUpdate.exe[2112] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00180E10 .text C:\Program Files\Google\Update\GoogleUpdate.exe[2112] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 001801F8 .text C:\Windows\system32\svchost.exe[2144] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2144] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2144] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\system32\svchost.exe[2144] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 001703FC .text C:\Windows\system32\svchost.exe[2144] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00170600 .text C:\Windows\system32\svchost.exe[2144] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00171014 .text C:\Windows\system32\svchost.exe[2144] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00170804 .text C:\Windows\system32\svchost.exe[2144] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00170A08 .text C:\Windows\system32\svchost.exe[2144] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00170C0C .text C:\Windows\system32\svchost.exe[2144] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00170E10 .text C:\Windows\system32\svchost.exe[2144] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 001701F8 .text C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2244] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000601F8 .text C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2244] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000603FC .text C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2244] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2244] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000703FC .text C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2244] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00070600 .text C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2244] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00071014 .text C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2244] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00070804 .text C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2244] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00070A08 .text C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2244] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00070C0C .text C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2244] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00070E10 .text C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2244] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000701F8 .text C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2244] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00080600 .text C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2244] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00080804 .text C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2244] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00080A08 .text C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2244] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2244] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 000803FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2320] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000401F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2320] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000403FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2320] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2320] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000603FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2320] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00060600 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2320] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00061014 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2320] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00060804 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2320] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00060A08 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2320] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00060C0C .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2320] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00060E10 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2320] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000601F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2320] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00070600 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2320] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00070804 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2320] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00070A08 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2320] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2320] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 000703FC .text C:\Program Files\Windows Sidebar\sidebar.exe[2344] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000501F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[2344] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000503FC .text C:\Program Files\Windows Sidebar\sidebar.exe[2344] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[2344] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000803FC .text C:\Program Files\Windows Sidebar\sidebar.exe[2344] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00080600 .text C:\Program Files\Windows Sidebar\sidebar.exe[2344] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00081014 .text C:\Program Files\Windows Sidebar\sidebar.exe[2344] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00080804 .text C:\Program Files\Windows Sidebar\sidebar.exe[2344] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00080A08 .text C:\Program Files\Windows Sidebar\sidebar.exe[2344] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00080C0C .text C:\Program Files\Windows Sidebar\sidebar.exe[2344] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00080E10 .text C:\Program Files\Windows Sidebar\sidebar.exe[2344] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000801F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[2344] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00090600 .text C:\Program Files\Windows Sidebar\sidebar.exe[2344] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00090804 .text C:\Program Files\Windows Sidebar\sidebar.exe[2344] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00090A08 .text C:\Program Files\Windows Sidebar\sidebar.exe[2344] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 000901F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[2344] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 000903FC .text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[2440] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 001501F8 .text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[2440] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[2440] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[2440] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[2440] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00170600 .text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[2440] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00171014 .text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[2440] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00170804 .text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[2440] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00170A08 .text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[2440] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00170C0C .text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[2440] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00170E10 .text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[2440] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[2440] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[2440] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[2440] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[2440] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[2440] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 001803FC .text C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe[2532] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 001401F8 .text C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe[2532] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 001403FC .text C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe[2532] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe[2532] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 001C0600 .text C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe[2532] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 001C0804 .text C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe[2532] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 001C0A08 .text C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe[2532] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 001C01F8 .text C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe[2532] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 001C03FC .text C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe[2532] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 001D03FC .text C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe[2532] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 001D0600 .text C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe[2532] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 001D1014 .text C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe[2532] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 001D0804 .text C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe[2532] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 001D0A08 .text C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe[2532] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 001D0C0C .text C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe[2532] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 001D0E10 .text C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe[2532] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 001D01F8 .text C:\WINDOWS\ehome\ehtray.exe[2540] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000501F8 .text C:\WINDOWS\ehome\ehtray.exe[2540] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000503FC .text C:\WINDOWS\ehome\ehtray.exe[2540] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\WINDOWS\ehome\ehtray.exe[2540] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000B03FC .text C:\WINDOWS\ehome\ehtray.exe[2540] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 000B0600 .text C:\WINDOWS\ehome\ehtray.exe[2540] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 000B1014 .text C:\WINDOWS\ehome\ehtray.exe[2540] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 000B0804 .text C:\WINDOWS\ehome\ehtray.exe[2540] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 000B0A08 .text C:\WINDOWS\ehome\ehtray.exe[2540] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 000B0C0C .text C:\WINDOWS\ehome\ehtray.exe[2540] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 000B0E10 .text C:\WINDOWS\ehome\ehtray.exe[2540] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000B01F8 .text C:\WINDOWS\ehome\ehtray.exe[2540] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 000C0600 .text C:\WINDOWS\ehome\ehtray.exe[2540] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 000C0804 .text C:\WINDOWS\ehome\ehtray.exe[2540] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 000C0A08 .text C:\WINDOWS\ehome\ehtray.exe[2540] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 000C01F8 .text C:\WINDOWS\ehome\ehtray.exe[2540] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 000C03FC .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2588] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 001501F8 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2588] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 001503FC .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2588] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2588] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00170600 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2588] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00170804 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2588] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00170A08 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2588] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2588] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 001703FC .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2588] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 001803FC .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2588] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00180600 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2588] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00181014 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2588] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00180804 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2588] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00180A08 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2588] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00180C0C .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2588] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00180E10 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2588] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 001801F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2596] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000501F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2596] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000503FC .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2596] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2596] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000B03FC .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2596] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 000B0600 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2596] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 000B1014 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2596] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 000B0804 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2596] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 000B0A08 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2596] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 000B0C0C .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2596] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 000B0E10 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2596] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000B01F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2596] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 000C0600 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2596] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 000C0804 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2596] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 000C0A08 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2596] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 000C01F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2596] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 000C03FC .text C:\Windows\ehome\ehmsas.exe[2636] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000401F8 .text C:\Windows\ehome\ehmsas.exe[2636] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000403FC .text C:\Windows\ehome\ehmsas.exe[2636] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\ehome\ehmsas.exe[2636] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000603FC .text C:\Windows\ehome\ehmsas.exe[2636] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00060600 .text C:\Windows\ehome\ehmsas.exe[2636] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00061014 .text C:\Windows\ehome\ehmsas.exe[2636] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00060804 .text C:\Windows\ehome\ehmsas.exe[2636] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00060A08 .text C:\Windows\ehome\ehmsas.exe[2636] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00060C0C .text C:\Windows\ehome\ehmsas.exe[2636] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00060E10 .text C:\Windows\ehome\ehmsas.exe[2636] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000601F8 .text C:\Windows\ehome\ehmsas.exe[2636] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00070600 .text C:\Windows\ehome\ehmsas.exe[2636] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00070804 .text C:\Windows\ehome\ehmsas.exe[2636] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00070A08 .text C:\Windows\ehome\ehmsas.exe[2636] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 000701F8 .text C:\Windows\ehome\ehmsas.exe[2636] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 000703FC .text C:\Program Files\Windows Sidebar\sidebar.exe[2716] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000501F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[2716] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000503FC .text C:\Program Files\Windows Sidebar\sidebar.exe[2716] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[2716] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000803FC .text C:\Program Files\Windows Sidebar\sidebar.exe[2716] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00080600 .text C:\Program Files\Windows Sidebar\sidebar.exe[2716] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00081014 .text C:\Program Files\Windows Sidebar\sidebar.exe[2716] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00080804 .text C:\Program Files\Windows Sidebar\sidebar.exe[2716] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00080A08 .text C:\Program Files\Windows Sidebar\sidebar.exe[2716] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00080C0C .text C:\Program Files\Windows Sidebar\sidebar.exe[2716] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00080E10 .text C:\Program Files\Windows Sidebar\sidebar.exe[2716] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000801F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[2716] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00090600 .text C:\Program Files\Windows Sidebar\sidebar.exe[2716] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00090804 .text C:\Program Files\Windows Sidebar\sidebar.exe[2716] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00090A08 .text C:\Program Files\Windows Sidebar\sidebar.exe[2716] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 000901F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[2716] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 000903FC .text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2728] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 001501F8 .text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2728] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 001503FC .text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2728] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2728] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 001903FC .text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2728] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00190600 .text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2728] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00191014 .text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2728] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00190804 .text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2728] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00190A08 .text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2728] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00190C0C .text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2728] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00190E10 .text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2728] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 001901F8 .text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2728] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 001A0600 .text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2728] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 001A0804 .text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2728] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 001A0A08 .text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2728] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 001A01F8 .text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2728] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 001A03FC .text C:\Windows\system32\svchost.exe[2860] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2860] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2860] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\system32\svchost.exe[2860] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2860] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2860] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2860] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2860] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2860] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2860] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2860] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[2860] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00150600 .text C:\Windows\system32\svchost.exe[2860] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00150804 .text C:\Windows\system32\svchost.exe[2860] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00150A08 .text C:\Windows\system32\svchost.exe[2860] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 001501F8 .text C:\Windows\system32\svchost.exe[2860] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 001503FC .text C:\Program Files\Macrium\Reflect\ReflectService.exe[3044] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 001501F8 .text C:\Program Files\Macrium\Reflect\ReflectService.exe[3044] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 001503FC .text C:\Program Files\Macrium\Reflect\ReflectService.exe[3044] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Program Files\Macrium\Reflect\ReflectService.exe[3044] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00170600 .text C:\Program Files\Macrium\Reflect\ReflectService.exe[3044] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00170804 .text C:\Program Files\Macrium\Reflect\ReflectService.exe[3044] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00170A08 .text C:\Program Files\Macrium\Reflect\ReflectService.exe[3044] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Macrium\Reflect\ReflectService.exe[3044] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 001703FC .text C:\Program Files\Macrium\Reflect\ReflectService.exe[3044] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 001803FC .text C:\Program Files\Macrium\Reflect\ReflectService.exe[3044] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00180600 .text C:\Program Files\Macrium\Reflect\ReflectService.exe[3044] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00181014 .text C:\Program Files\Macrium\Reflect\ReflectService.exe[3044] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00180804 .text C:\Program Files\Macrium\Reflect\ReflectService.exe[3044] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00180A08 .text C:\Program Files\Macrium\Reflect\ReflectService.exe[3044] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00180C0C .text C:\Program Files\Macrium\Reflect\ReflectService.exe[3044] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00180E10 .text C:\Program Files\Macrium\Reflect\ReflectService.exe[3044] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 001801F8 .text C:\Windows\System32\snmp.exe[3124] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000501F8 .text C:\Windows\System32\snmp.exe[3124] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000503FC .text C:\Windows\System32\snmp.exe[3124] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\System32\snmp.exe[3124] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\snmp.exe[3124] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00070600 .text C:\Windows\System32\snmp.exe[3124] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\snmp.exe[3124] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\snmp.exe[3124] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\snmp.exe[3124] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00070C0C .text C:\Windows\System32\snmp.exe[3124] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\snmp.exe[3124] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\snmp.exe[3124] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00B30600 .text C:\Windows\System32\snmp.exe[3124] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00B30804 .text C:\Windows\System32\snmp.exe[3124] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00B30A08 .text C:\Windows\System32\snmp.exe[3124] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 00B301F8 .text C:\Windows\System32\snmp.exe[3124] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 00B303FC .text C:\Windows\system32\svchost.exe[3156] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000901F8 .text C:\Windows\system32\svchost.exe[3156] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000903FC .text C:\Windows\system32\svchost.exe[3156] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\system32\svchost.exe[3156] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\svchost.exe[3156] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\svchost.exe[3156] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\svchost.exe[3156] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\svchost.exe[3156] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\svchost.exe[3156] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\svchost.exe[3156] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\svchost.exe[3156] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000B01F8 .text C:\Windows\System32\svchost.exe[3236] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[3236] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[3236] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\System32\svchost.exe[3236] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[3236] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[3236] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[3236] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[3236] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[3236] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[3236] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[3236] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000701F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3256] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000501F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3256] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000503FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3256] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3256] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000803FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3256] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00080600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3256] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00081014 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3256] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00080804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3256] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00080A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3256] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00080C0C .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3256] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00080E10 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3256] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000801F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3256] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00090600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3256] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00090804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3256] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00090A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3256] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 000901F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3256] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 000903FC .text C:\Windows\system32\SearchIndexer.exe[3456] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000501F8 .text C:\Windows\system32\SearchIndexer.exe[3456] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000503FC .text C:\Windows\system32\SearchIndexer.exe[3456] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[3456] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\SearchIndexer.exe[3456] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\SearchIndexer.exe[3456] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\SearchIndexer.exe[3456] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\SearchIndexer.exe[3456] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\SearchIndexer.exe[3456] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00070C0C .text C:\Windows\system32\SearchIndexer.exe[3456] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\SearchIndexer.exe[3456] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\SearchIndexer.exe[3456] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00080600 .text C:\Windows\system32\SearchIndexer.exe[3456] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00080804 .text C:\Windows\system32\SearchIndexer.exe[3456] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\SearchIndexer.exe[3456] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\SearchIndexer.exe[3456] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 000803FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3540] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000501F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3540] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000503FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3540] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3540] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000703FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3540] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00070600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3540] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00071014 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3540] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00070804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3540] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00070A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3540] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00070C0C .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3540] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00070E10 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3540] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000701F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3540] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 008C0600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3540] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 008C0804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3540] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 008C0A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3540] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 008C01F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3540] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 008C03FC .text C:\Program Files\Opera\opera.exe[3816] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 001501F8 .text C:\Program Files\Opera\opera.exe[3816] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 001503FC .text C:\Program Files\Opera\opera.exe[3816] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Program Files\Opera\opera.exe[3816] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00170600 .text C:\Program Files\Opera\opera.exe[3816] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00170804 .text C:\Program Files\Opera\opera.exe[3816] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00170A08 .text C:\Program Files\Opera\opera.exe[3816] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Opera\opera.exe[3816] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 001703FC .text C:\Program Files\Opera\opera.exe[3816] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 001803FC .text C:\Program Files\Opera\opera.exe[3816] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00180600 .text C:\Program Files\Opera\opera.exe[3816] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00181014 .text C:\Program Files\Opera\opera.exe[3816] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00180804 .text C:\Program Files\Opera\opera.exe[3816] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00180A08 .text C:\Program Files\Opera\opera.exe[3816] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00180C0C .text C:\Program Files\Opera\opera.exe[3816] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00180E10 .text C:\Program Files\Opera\opera.exe[3816] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 001801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!NtCreateFile + 6 77DA424A 4 Bytes [28, 00, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!NtCreateFile + B 77DA424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!NtMapViewOfSection + 6 77DA499A 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!NtMapViewOfSection + 6 77DA499A 4 Bytes [28, 03, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!NtMapViewOfSection + B 77DA499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!NtOpenFile + 6 77DA4A2A 4 Bytes [68, 00, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!NtOpenFile + B 77DA4A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!NtOpenProcess + 6 77DA4AAA 4 Bytes [A8, 01, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!NtOpenProcess + B 77DA4AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!NtOpenProcessToken + 6 77DA4ABA 4 Bytes CALL 76DA50C0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!NtOpenProcessToken + B 77DA4ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!NtOpenProcessTokenEx + 6 77DA4ACA 4 Bytes [A8, 02, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!NtOpenProcessTokenEx + B 77DA4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!NtOpenThread + 6 77DA4B1A 4 Bytes [68, 01, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!NtOpenThread + B 77DA4B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!NtOpenThreadToken + 6 77DA4B2A 4 Bytes [68, 02, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!NtOpenThreadToken + B 77DA4B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!NtOpenThreadTokenEx + 6 77DA4B3A 4 Bytes CALL 76DA5141 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!NtOpenThreadTokenEx + B 77DA4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!NtQueryAttributesFile + 6 77DA4BCA 4 Bytes [A8, 00, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!NtQueryAttributesFile + B 77DA4BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!NtQueryFullAttributesFile + 6 77DA4C7A 4 Bytes CALL 76DA527F .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!NtQueryFullAttributesFile + B 77DA4C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!NtSetInformationFile + 6 77DA515A 4 Bytes [28, 01, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!NtSetInformationFile + B 77DA515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!NtSetInformationThread + 6 77DA51AA 4 Bytes [28, 02, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!NtSetInformationThread + B 77DA51AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!NtUnmapViewOfSection + 6 77DA544A 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!NtUnmapViewOfSection + 6 77DA544A 4 Bytes [68, 03, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ntdll.dll!NtUnmapViewOfSection + B 77DA544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 000C0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 000C0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 000C0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 000C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 000C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000D03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 000D0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 000D1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 000D0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 000D0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 000D0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 000D0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4104] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000D01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtCreateFile + 6 77DA424A 4 Bytes [28, 00, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtCreateFile + B 77DA424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtMapViewOfSection + 6 77DA499A 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtMapViewOfSection + 6 77DA499A 4 Bytes [28, 03, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtMapViewOfSection + B 77DA499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenFile + 6 77DA4A2A 4 Bytes [68, 00, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenFile + B 77DA4A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenProcess + 6 77DA4AAA 4 Bytes [A8, 01, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenProcess + B 77DA4AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenProcessToken + 6 77DA4ABA 4 Bytes CALL 76DA50C0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenProcessToken + B 77DA4ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenProcessTokenEx + 6 77DA4ACA 4 Bytes [A8, 02, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenProcessTokenEx + B 77DA4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenThread + 6 77DA4B1A 4 Bytes [68, 01, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenThread + B 77DA4B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenThreadToken + 6 77DA4B2A 4 Bytes [68, 02, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenThreadToken + B 77DA4B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenThreadTokenEx + 6 77DA4B3A 4 Bytes CALL 76DA5141 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtOpenThreadTokenEx + B 77DA4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtQueryAttributesFile + 6 77DA4BCA 4 Bytes [A8, 00, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtQueryAttributesFile + B 77DA4BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtQueryFullAttributesFile + 6 77DA4C7A 4 Bytes CALL 76DA527F .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtQueryFullAttributesFile + B 77DA4C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtSetInformationFile + 6 77DA515A 4 Bytes [28, 01, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtSetInformationFile + B 77DA515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtSetInformationThread + 6 77DA51AA 4 Bytes [28, 02, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtSetInformationThread + B 77DA51AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtUnmapViewOfSection + 6 77DA544A 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtUnmapViewOfSection + 6 77DA544A 4 Bytes [68, 03, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ntdll.dll!NtUnmapViewOfSection + B 77DA544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 000B0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 000B0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 000B0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 000B01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 000B03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 000C0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 000C1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 000C0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 000C0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 000C0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 000C0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4160] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 001801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 001803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtCreateFile + 6 77DA424A 4 Bytes [28, 00, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtCreateFile + B 77DA424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtMapViewOfSection + 6 77DA499A 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtMapViewOfSection + 6 77DA499A 4 Bytes [28, 03, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtMapViewOfSection + B 77DA499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtOpenFile + 6 77DA4A2A 4 Bytes [68, 00, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtOpenFile + B 77DA4A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtOpenProcess + 6 77DA4AAA 4 Bytes [A8, 01, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtOpenProcess + B 77DA4AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtOpenProcessToken + 6 77DA4ABA 4 Bytes CALL 76DA50C0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtOpenProcessToken + B 77DA4ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtOpenProcessTokenEx + 6 77DA4ACA 4 Bytes [A8, 02, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtOpenProcessTokenEx + B 77DA4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtOpenThread + 6 77DA4B1A 4 Bytes [68, 01, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtOpenThread + B 77DA4B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtOpenThreadToken + 6 77DA4B2A 4 Bytes [68, 02, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtOpenThreadToken + B 77DA4B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtOpenThreadTokenEx + 6 77DA4B3A 4 Bytes CALL 76DA5141 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtOpenThreadTokenEx + B 77DA4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtQueryAttributesFile + 6 77DA4BCA 4 Bytes [A8, 00, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtQueryAttributesFile + B 77DA4BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtQueryFullAttributesFile + 6 77DA4C7A 4 Bytes CALL 76DA527F .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtQueryFullAttributesFile + B 77DA4C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtSetInformationFile + 6 77DA515A 4 Bytes [28, 01, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtSetInformationFile + B 77DA515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtSetInformationThread + 6 77DA51AA 4 Bytes [28, 02, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtSetInformationThread + B 77DA51AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtUnmapViewOfSection + 6 77DA544A 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtUnmapViewOfSection + 6 77DA544A 4 Bytes [68, 03, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ntdll.dll!NtUnmapViewOfSection + B 77DA544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 001F0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 001F0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 001F0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 001F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 001F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 002003FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00200600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00201014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00200804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00200A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00200C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00200E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4180] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 002001F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtCreateFile + 6 77DA424A 4 Bytes [28, 00, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtCreateFile + B 77DA424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtMapViewOfSection + 6 77DA499A 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtMapViewOfSection + 6 77DA499A 4 Bytes [28, 03, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtMapViewOfSection + B 77DA499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenFile + 6 77DA4A2A 4 Bytes [68, 00, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenFile + B 77DA4A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenProcess + 6 77DA4AAA 4 Bytes [A8, 01, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenProcess + B 77DA4AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenProcessToken + 6 77DA4ABA 4 Bytes CALL 76DA50C0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenProcessToken + B 77DA4ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenProcessTokenEx + 6 77DA4ACA 4 Bytes [A8, 02, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenProcessTokenEx + B 77DA4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenThread + 6 77DA4B1A 4 Bytes [68, 01, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenThread + B 77DA4B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenThreadToken + 6 77DA4B2A 4 Bytes [68, 02, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenThreadToken + B 77DA4B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenThreadTokenEx + 6 77DA4B3A 4 Bytes CALL 76DA5141 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtOpenThreadTokenEx + B 77DA4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtQueryAttributesFile + 6 77DA4BCA 4 Bytes [A8, 00, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtQueryAttributesFile + B 77DA4BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtQueryFullAttributesFile + 6 77DA4C7A 4 Bytes CALL 76DA527F .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtQueryFullAttributesFile + B 77DA4C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtSetInformationFile + 6 77DA515A 4 Bytes [28, 01, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtSetInformationFile + B 77DA515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtSetInformationThread + 6 77DA51AA 4 Bytes [28, 02, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtSetInformationThread + B 77DA51AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtUnmapViewOfSection + 6 77DA544A 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtUnmapViewOfSection + 6 77DA544A 4 Bytes [68, 03, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ntdll.dll!NtUnmapViewOfSection + B 77DA544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 000B0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 000B0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 000B0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 000B01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 000B03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 000C0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 000C1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 000C0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 000C0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 000C0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 000C0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4196] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!NtCreateFile + 6 77DA424A 4 Bytes [28, 00, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!NtCreateFile + B 77DA424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!NtMapViewOfSection + 6 77DA499A 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!NtMapViewOfSection + 6 77DA499A 4 Bytes [28, 03, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!NtMapViewOfSection + B 77DA499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!NtOpenFile + 6 77DA4A2A 4 Bytes [68, 00, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!NtOpenFile + B 77DA4A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!NtOpenProcess + 6 77DA4AAA 4 Bytes [A8, 01, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!NtOpenProcess + B 77DA4AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!NtOpenProcessToken + 6 77DA4ABA 4 Bytes CALL 76DA50C0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!NtOpenProcessToken + B 77DA4ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!NtOpenProcessTokenEx + 6 77DA4ACA 4 Bytes [A8, 02, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!NtOpenProcessTokenEx + B 77DA4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!NtOpenThread + 6 77DA4B1A 4 Bytes [68, 01, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!NtOpenThread + B 77DA4B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!NtOpenThreadToken + 6 77DA4B2A 4 Bytes [68, 02, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!NtOpenThreadToken + B 77DA4B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!NtOpenThreadTokenEx + 6 77DA4B3A 4 Bytes CALL 76DA5141 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!NtOpenThreadTokenEx + B 77DA4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!NtQueryAttributesFile + 6 77DA4BCA 4 Bytes [A8, 00, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!NtQueryAttributesFile + B 77DA4BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!NtQueryFullAttributesFile + 6 77DA4C7A 4 Bytes CALL 76DA527F .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!NtQueryFullAttributesFile + B 77DA4C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!NtSetInformationFile + 6 77DA515A 4 Bytes [28, 01, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!NtSetInformationFile + B 77DA515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!NtSetInformationThread + 6 77DA51AA 4 Bytes [28, 02, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!NtSetInformationThread + B 77DA51AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!NtUnmapViewOfSection + 6 77DA544A 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!NtUnmapViewOfSection + 6 77DA544A 4 Bytes [68, 03, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ntdll.dll!NtUnmapViewOfSection + B 77DA544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 000B0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 000B0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 000B0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 000B01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 000B03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 000C0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 000C1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 000C0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 000C0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 000C0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 000C0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4212] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000C01F8 .text C:\p72zczem.exe[4256] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtCreateFile + 6 77DA424A 4 Bytes [28, 00, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtCreateFile + B 77DA424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtMapViewOfSection + 6 77DA499A 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtMapViewOfSection + 6 77DA499A 4 Bytes [28, 03, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtMapViewOfSection + B 77DA499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenFile + 6 77DA4A2A 4 Bytes [68, 00, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenFile + B 77DA4A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenProcess + 6 77DA4AAA 4 Bytes [A8, 01, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenProcess + B 77DA4AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenProcessToken + 6 77DA4ABA 4 Bytes CALL 76DA50C0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenProcessToken + B 77DA4ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenProcessTokenEx + 6 77DA4ACA 4 Bytes [A8, 02, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenProcessTokenEx + B 77DA4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenThread + 6 77DA4B1A 4 Bytes [68, 01, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenThread + B 77DA4B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenThreadToken + 6 77DA4B2A 4 Bytes [68, 02, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenThreadToken + B 77DA4B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenThreadTokenEx + 6 77DA4B3A 4 Bytes CALL 76DA5141 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenThreadTokenEx + B 77DA4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtQueryAttributesFile + 6 77DA4BCA 4 Bytes [A8, 00, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtQueryAttributesFile + B 77DA4BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtQueryFullAttributesFile + 6 77DA4C7A 4 Bytes CALL 76DA527F .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtQueryFullAttributesFile + B 77DA4C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtSetInformationFile + 6 77DA515A 4 Bytes [28, 01, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtSetInformationFile + B 77DA515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtSetInformationThread + 6 77DA51AA 4 Bytes [28, 02, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtSetInformationThread + B 77DA51AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtUnmapViewOfSection + 6 77DA544A 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtUnmapViewOfSection + 6 77DA544A 4 Bytes [68, 03, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtUnmapViewOfSection + B 77DA544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 000B0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 000B0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 000B0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 000B01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 000B03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 000C0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 000C1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 000C0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 000C0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 000C0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 000C0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000C01F8 .text C:\OTL.exe[4784] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 001501F8 .text C:\OTL.exe[4784] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 001503FC .text C:\OTL.exe[4784] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\OTL.exe[4784] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 01F903FC .text C:\OTL.exe[4784] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 01F90600 .text C:\OTL.exe[4784] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 01F91014 .text C:\OTL.exe[4784] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 01F90804 .text C:\OTL.exe[4784] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 01F90A08 .text C:\OTL.exe[4784] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 01F90C0C .text C:\OTL.exe[4784] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 01F90E10 .text C:\OTL.exe[4784] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 01F901F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtCreateFile + 6 77DA424A 4 Bytes [28, 00, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtCreateFile + B 77DA424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtMapViewOfSection + 6 77DA499A 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtMapViewOfSection + 6 77DA499A 4 Bytes [28, 03, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtMapViewOfSection + B 77DA499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenFile + 6 77DA4A2A 4 Bytes [68, 00, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenFile + B 77DA4A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenProcess + 6 77DA4AAA 4 Bytes [A8, 01, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenProcess + B 77DA4AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenProcessToken + 6 77DA4ABA 4 Bytes CALL 76DA50C0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenProcessToken + B 77DA4ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenProcessTokenEx + 6 77DA4ACA 4 Bytes [A8, 02, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenProcessTokenEx + B 77DA4ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenThread + 6 77DA4B1A 4 Bytes [68, 01, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenThread + B 77DA4B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenThreadToken + 6 77DA4B2A 4 Bytes [68, 02, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenThreadToken + B 77DA4B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenThreadTokenEx + 6 77DA4B3A 4 Bytes CALL 76DA5141 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtOpenThreadTokenEx + B 77DA4B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtQueryAttributesFile + 6 77DA4BCA 4 Bytes [A8, 00, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtQueryAttributesFile + B 77DA4BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtQueryFullAttributesFile + 6 77DA4C7A 4 Bytes CALL 76DA527F .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtQueryFullAttributesFile + B 77DA4C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtSetInformationFile + 6 77DA515A 4 Bytes [28, 01, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtSetInformationFile + B 77DA515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtSetInformationThread + 6 77DA51AA 4 Bytes [28, 02, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtSetInformationThread + B 77DA51AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtUnmapViewOfSection + 6 77DA544A 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtUnmapViewOfSection + 6 77DA544A 4 Bytes [68, 03, 06, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ntdll.dll!NtUnmapViewOfSection + B 77DA544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 000B0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 000B0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 000B0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 000B01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 000B03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 000C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 000C0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 000C1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 000C0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 000C0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 000C0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 000C0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5784] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 000C01F8 .text C:\Windows\notepad.exe[5932] ntdll.dll!LdrLoadDll 77D69378 5 Bytes JMP 000901F8 .text C:\Windows\notepad.exe[5932] ntdll.dll!LdrUnloadDll 77D7B680 5 Bytes JMP 000903FC .text C:\Windows\notepad.exe[5932] kernel32.dll!GetBinaryTypeW + 70 76CA2467 1 Byte [62] .text C:\Windows\notepad.exe[5932] ADVAPI32.dll!CreateServiceW 77049EB4 5 Bytes JMP 005303FC .text C:\Windows\notepad.exe[5932] ADVAPI32.dll!DeleteService 7704A07E 5 Bytes JMP 00530600 .text C:\Windows\notepad.exe[5932] ADVAPI32.dll!SetServiceObjectSecurity 77086CD9 5 Bytes JMP 00531014 .text C:\Windows\notepad.exe[5932] ADVAPI32.dll!ChangeServiceConfigA 77086DD9 5 Bytes JMP 00530804 .text C:\Windows\notepad.exe[5932] ADVAPI32.dll!ChangeServiceConfigW 77086F81 5 Bytes JMP 00530A08 .text C:\Windows\notepad.exe[5932] ADVAPI32.dll!ChangeServiceConfig2A 77087099 5 Bytes JMP 00530C0C .text C:\Windows\notepad.exe[5932] ADVAPI32.dll!ChangeServiceConfig2W 770871E1 5 Bytes JMP 00530E10 .text C:\Windows\notepad.exe[5932] ADVAPI32.dll!CreateServiceA 770872A1 5 Bytes JMP 005301F8 .text C:\Windows\notepad.exe[5932] USER32.dll!SetWindowsHookExA 76436322 5 Bytes JMP 00550600 .text C:\Windows\notepad.exe[5932] USER32.dll!SetWindowsHookExW 764387AD 5 Bytes JMP 00550804 .text C:\Windows\notepad.exe[5932] USER32.dll!UnhookWindowsHookEx 764398DB 5 Bytes JMP 00550A08 .text C:\Windows\notepad.exe[5932] USER32.dll!SetWinEventHook 76439F3A 5 Bytes JMP 005501F8 .text C:\Windows\notepad.exe[5932] USER32.dll!UnhookWinEvent 7643C06F 5 Bytes JMP 005503FC ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\system32\services.exe[672] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00190002 IAT C:\Windows\system32\services.exe[672] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00190000 IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73CB7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73D0A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73CBBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73CAF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73CB75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73CAE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73CE8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73CBDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73CAFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73CAFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73CA71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73D3CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73CDC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73CAD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73CA6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73CA687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73CB2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\Google\Chrome\Application\chrome.exe[4104] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00020010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[4160] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[4180] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[4196] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[4212] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[4708] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[5784] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4E 0xEC 0x56 0x75 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD7 0x79 0xF5 0x72 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFD 0x6E 0x53 0x9E ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9A 0x02 0x0E 0xC5 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x9A 0xBC 0x7A 0xE3 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD7 0x79 0xF5 0x72 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFD 0x6E 0x53 0x9E ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9A 0x02 0x0E 0xC5 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x9A 0xBC 0x7A 0xE3 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD7 0x79 0xF5 0x72 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFD 0x6E 0x53 0x9E ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9A 0x02 0x0E 0xC5 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x9A 0xBC 0x7A 0xE3 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4E 0xEC 0x56 0x75 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION ECF7753F8C82A61066AB36A686EBB04B9F4FACB8BACE5DBCEDDE6FF8ACE4BB0FCD6DADBDC24E72313D98B58A257694E022DF0EC429CB0402BCB9A7B055406146B1800DC3EB9F91A82132B7478934CD32C8FA6344563CC6944113FAC741A9D8143D679470CFBE4DBA659A7750FD6AACE7BB50BD21AB01202393C6F6BB1AC165C819C967F2FA27D37DE36753AB1010687DA280D4D3D7B06E2ECD274A1DCFD8308C6EC650913D8835DE78224B730F529CC5ABA4026C4D13F70D0EF5C90E95F5C4D9EF6CBB25AAFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CA6171C11EC38DE3DA9C6AECB7A5D14075F6CDF63F13061C24298328AD4E74ABD92D77177086497F90F53A0455EAA3B31014FF33F35759298C92281E25F6D407234B4B3F65FF7C3AB981518B2F70EF38ED198F3F609263679058F2B10B4B19532AD897D0D65289E478C9F0BA8931D13F55463ADC1666D6931B1C624D81E7A9B2C9DA207B1CFF2CCF706CB14F073303335BC3042D8411C5A4FC18EB10B5A2FB84DD1B3DC62C97A8A30CF52A4D8CE41035E7662A97BF9A5CEA65D13EFF4185DE44CCE505E9F7004A4A4EA5282B1517146471CC0AA6C6BA11FCEDDE64CE97DB6AE9ECBF2BEEDD6FA7E4E0CCD45519880550B02F6E3725FCCB7A1517B8 ---- EOF - GMER 1.0.15 ----