GMER 2.0.18444 - http://www.gmer.net Rootkit scan 2013-01-16 16:17:47 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEKT-22KA9T0 rev.01.01A01 298.09GB Running: 10skcwvm.exe; Driver: C:\Users\Magda\AppData\Local\Temp\pwlirfow.sys ---- System - GMER 2.0 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8D6224BA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8DC17C22] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8D622ED6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8D62DFA8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8D62DFF4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8D62E176] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8D62DF16] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8DC17FA6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8D62DF5E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8D62311C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8D62E130] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x8D62393E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8D622508] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) ZwFreeVirtualMemory [0x8DC17CEA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8DC163EC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8D622556] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8D627534] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8D6243A6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8D62DFD2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8D62E016] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8D62E19A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8D62DF3C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8D62E0BA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8D62DF86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8D62E154] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8DC17E4A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8D624272] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0x8D623DD4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8D6225A4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8D6225F2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x8D6237BE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8D6221FA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8D6223AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8D622350] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x8D623AF8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x8D623C54] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8D62241A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8DC17EFE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x8D623636] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x8DC1641C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8D622640] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8DC17D96] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x8D6232F4] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8DC30E56] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 2.0 ---- .text ntkrnlpa.exe!KeSetEvent + 10D 82CB57D0 4 Bytes [BA, 24, 62, 8D] .text ntkrnlpa.exe!KeSetEvent + 131 82CB57F4 4 Bytes [22, 7C, C1, 8D] {AND BH, [ECX+EAX*8-0x73]} .text ntkrnlpa.exe!KeSetEvent + 191 82CB5854 4 Bytes CALL E4FA2EDB .text ntkrnlpa.exe!KeSetEvent + 1D1 82CB5894 8 Bytes [A8, DF, 62, 8D, F4, DF, 62, ...] {TEST AL, 0xdf; BOUND ECX, [EBP-0x729d200c]} .text ntkrnlpa.exe!KeSetEvent + 1DE 82CB58A1 3 Bytes [E1, 62, 8D] .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82DE0633 5 Bytes JMP 8DC2DCF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 82E39593 5 Bytes JMP 8DC2F810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82E42EB8 4 Bytes CALL 8D624A8D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82E46B2C 4 Bytes CALL 8D624AA3 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 82E9AE8C 7 Bytes JMP 8DC30E5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text win32k.sys!EngCreateRectRgn + 4537 82100470 5 Bytes JMP 8D627FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngEraseSurface + FDC 82110628 5 Bytes JMP 8D628090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + C20 82119689 5 Bytes JMP 8D628CB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTransparentBlt + 4A1 8211A475 5 Bytes JMP 8D628E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngTransparentBlt + 8C4B 82122C1F 5 Bytes JMP 8D62756A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 616 82123B75 5 Bytes JMP 8D628A86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 30EF 8212F2A7 5 Bytes JMP 8D627EB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 4561 82130719 5 Bytes JMP 8D6277C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 46B0 82130868 5 Bytes JMP 8D62816A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 4C45 82130DFD 5 Bytes JMP 8D628182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 522D 821313E5 5 Bytes JMP 8D627CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMapFontFileFD + 11A16 8214A295 5 Bytes JMP 8D627C1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMapFontFileFD + 11A6A 8214A2E9 5 Bytes JMP 8D627EE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 377F 82171378 5 Bytes JMP 8D62894C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 60DC 82173CD5 5 Bytes JMP 8D627670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + 4D3F 8217A66E 5 Bytes JMP 8D627834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBlt + 2B44 82184B04 5 Bytes JMP 8D628EBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStrokePath + 5FF 821879FC 5 Bytes JMP 8D627688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLpkInstalled + 1D73 82191817 5 Bytes JMP 8D628A3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAlphaBlend + B990 821A1DBD 5 Bytes JMP 8D6280A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngNineGrid + 8C4 821A5FAF 5 Bytes JMP 8D628BFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngNineGrid + 6F70 821AC65B 5 Bytes JMP 8D6289F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + B0F 821AFDCA 5 Bytes JMP 8D628B4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!STROBJ_vEnumStart + 4728 821B76E9 5 Bytes JMP 8D627760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + E80 821D5C8A 5 Bytes JMP 8D627A1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_bEnum + 248 821DB532 5 Bytes JMP 8D6278F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 26D9 821DF06A 5 Bytes JMP 8D628D74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 3765 821F7444 5 Bytes JMP 8D6280C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLineTo + A15 821FD58D 5 Bytes JMP 8D627944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngLineTo + D28F 82209E07 5 Bytes JMP 8D627B48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLineTo + 10D00 8220D878 5 Bytes JMP 8D627AB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text ntdll.dll!LdrLoadDll 77B49378 5 Bytes [E9, 7B, 6E, 61, 88] {JMP 0x88616e80} .text ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes [E9, 77, 4D, 60, 88] {JMP 0x88604d7c} ---- User code sections - GMER 2.0 ---- .text C:\Windows\system32\svchost.exe[208] kernel32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Windows\system32\taskeng.exe[312] kernel32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Windows\system32\csrss.exe[572] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Windows\system32\csrss.exe[628] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Windows\system32\wininit.exe[636] kernel32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text ... 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 007401F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 007403FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtCreateFile + 6 77B8424A 4 Bytes [28, 00, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtCreateFile + B 77B8424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtMapViewOfSection + 6 77B8499A 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtMapViewOfSection + 6 77B8499A 4 Bytes [28, 03, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtMapViewOfSection + B 77B8499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenFile + 6 77B84A2A 4 Bytes [68, 00, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenFile + B 77B84A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenProcess + 6 77B84AAA 4 Bytes [A8, 01, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenProcess + B 77B84AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenProcessToken + 6 77B84ABA 4 Bytes CALL 76B8A7C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenProcessToken + B 77B84ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenProcessTokenEx + 6 77B84ACA 4 Bytes [A8, 02, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenProcessTokenEx + B 77B84ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] 
ntdll.dll!NtOpenThread + 6 77B84B1A 4 Bytes [68, 01, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenThread + B 77B84B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenThreadToken + 6 77B84B2A 4 Bytes [68, 02, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenThreadToken + B 77B84B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenThreadTokenEx + 6 77B84B3A 4 Bytes CALL 76B8A841 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtOpenThreadTokenEx + B 77B84B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtQueryAttributesFile + 6 77B84BCA 4 Bytes [A8, 00, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtQueryAttributesFile + B 77B84BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtQueryFullAttributesFile + 6 77B84C7A 4 Bytes CALL 76B8A97F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtQueryFullAttributesFile + B 77B84C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtSetInformationFile + 6 77B8515A 4 Bytes [28, 01, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtSetInformationFile + B 77B8515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtSetInformationThread + 6 77B851AA 4 Bytes [28, 02, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtSetInformationThread + B 77B851AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtUnmapViewOfSection + 6 77B8544A 1 Byte 
[68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtUnmapViewOfSection + 6 77B8544A 4 Bytes [68, 03, 5D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ntdll.dll!NtUnmapViewOfSection + B 77B8544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 00750600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 00750804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 00750A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 007501F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 007503FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 007603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 00760600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 00761014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 00760804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 00760A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 00760C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 00760E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1060] 
ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 007601F8 .text C:\Windows\system32\Ati2evxx.exe[1096] kernel32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Windows\System32\svchost.exe[1116] kernel32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Windows\System32\svchost.exe[1148] kernel32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Windows\system32\svchost.exe[1172] kernel32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Windows\system32\AUDIODG.EXE[1272] kernel32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text ... .text C:\Windows\system32\wbem\unsecapp.exe[1428] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 001601F8 .text C:\Windows\system32\wbem\unsecapp.exe[1428] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 001603FC .text C:\Windows\system32\wbem\unsecapp.exe[1428] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Windows\system32\wbem\unsecapp.exe[1428] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 001703FC .text C:\Windows\system32\wbem\unsecapp.exe[1428] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 00170600 .text C:\Windows\system32\wbem\unsecapp.exe[1428] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 00171014 .text C:\Windows\system32\wbem\unsecapp.exe[1428] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 00170804 .text C:\Windows\system32\wbem\unsecapp.exe[1428] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 00170A08 .text C:\Windows\system32\wbem\unsecapp.exe[1428] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 00170C0C .text C:\Windows\system32\wbem\unsecapp.exe[1428] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 00170E10 .text C:\Windows\system32\wbem\unsecapp.exe[1428] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 001701F8 .text C:\Windows\system32\wbem\unsecapp.exe[1428] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 00180600 .text C:\Windows\system32\wbem\unsecapp.exe[1428] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 00180804 .text 
C:\Windows\system32\wbem\unsecapp.exe[1428] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 00180A08 .text C:\Windows\system32\wbem\unsecapp.exe[1428] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 001801F8 .text C:\Windows\system32\wbem\unsecapp.exe[1428] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 001803FC .text C:\Windows\system32\Ati2evxx.exe[1512] kernel32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Windows\system32\svchost.exe[1532] kernel32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1824] kernel32.dll!SetUnhandledExceptionFilter 7799A8B5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1824] kernel32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Program Files\Alwil Software\Avast5\afwServ.exe[1860] kernel32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Windows\system32\taskeng.exe[1968] kernel32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[2012] kernel32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 000701F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 000703FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 00080600 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 00080804 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 00080A08 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Common 
Files\Adobe\ARM\1.0\armsvc.exe[2208] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 000803FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 000903FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 00090600 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 00091014 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 00090804 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 00090A08 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 00090C0C .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 00090E10 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2208] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 000901F8 .text C:\Windows\system32\wbem\wmiprvse.exe[2236] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 000601F8 .text C:\Windows\system32\wbem\wmiprvse.exe[2236] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 000603FC .text C:\Windows\system32\wbem\wmiprvse.exe[2236] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[2236] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\wbem\wmiprvse.exe[2236] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\wbem\wmiprvse.exe[2236] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\wbem\wmiprvse.exe[2236] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\wbem\wmiprvse.exe[2236] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 00070A08 
.text C:\Windows\system32\wbem\wmiprvse.exe[2236] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\wbem\wmiprvse.exe[2236] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\wbem\wmiprvse.exe[2236] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\wbem\wmiprvse.exe[2236] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 00080600 .text C:\Windows\system32\wbem\wmiprvse.exe[2236] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\wbem\wmiprvse.exe[2236] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\wbem\wmiprvse.exe[2236] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\wbem\wmiprvse.exe[2236] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 000803FC .text C:\Windows\system32\svchost.exe[2336] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[2336] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[2336] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Windows\system32\svchost.exe[2336] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2336] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2336] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2336] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2336] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2336] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2336] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2336] ADVAPI32.dll!CreateServiceA 777A72A1 
5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[2336] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 00090600 .text C:\Windows\system32\svchost.exe[2336] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 00090804 .text C:\Windows\system32\svchost.exe[2336] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 00090A08 .text C:\Windows\system32\svchost.exe[2336] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 000901F8 .text C:\Windows\system32\svchost.exe[2336] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 000903FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 005101F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 005103FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtCreateFile + 6 77B8424A 4 Bytes [28, 50, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtCreateFile + B 77B8424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtMapViewOfSection + 6 77B8499A 4 Bytes [28, 53, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtMapViewOfSection + B 77B8499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenFile + 6 77B84A2A 4 Bytes [68, 50, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenFile + B 77B84A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenProcess + 6 77B84AAA 4 Bytes [A8, 51, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenProcess + B 77B84AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenProcessToken + 6 77B84ABA 4 Bytes CALL 76B89710 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenProcessToken + B 77B84ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenProcessTokenEx + 6 77B84ACA 4 Bytes [A8, 52, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenProcessTokenEx + B 77B84ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenThread + 6 77B84B1A 4 Bytes [68, 51, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenThread + B 77B84B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenThreadToken + 6 77B84B2A 4 Bytes [68, 52, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenThreadToken + B 77B84B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenThreadTokenEx + 6 77B84B3A 4 Bytes CALL 76B89791 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenThreadTokenEx + B 77B84B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtQueryAttributesFile + 6 77B84BCA 4 Bytes [A8, 50, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtQueryAttributesFile + B 77B84BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtQueryFullAttributesFile + 6 77B84C7A 4 Bytes CALL 76B898CF C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtQueryFullAttributesFile + B 77B84C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtSetInformationFile + 6 77B8515A 4 Bytes [28, 51, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] 
ntdll.dll!NtSetInformationFile + B 77B8515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtSetInformationThread + 6 77B851AA 4 Bytes [28, 52, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtSetInformationThread + B 77B851AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtUnmapViewOfSection + 6 77B8544A 4 Bytes [68, 53, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtUnmapViewOfSection + B 77B8544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 00520600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 00520804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 00520A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 005201F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 005203FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 005403FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 00540600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 00541014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 00540804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 00540A08 .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[2376] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 00540C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 00540E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2376] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 005401F8 .text C:\Windows\system32\svchost.exe[2392] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[2392] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[2392] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Windows\system32\svchost.exe[2392] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2392] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2392] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2392] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2392] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2392] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2392] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2392] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[2392] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 00080600 .text C:\Windows\system32\svchost.exe[2392] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\svchost.exe[2392] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\svchost.exe[2392] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\svchost.exe[2392] USER32.dll!UnhookWinEvent 
77CEC06F 5 Bytes JMP 000803FC .text C:\Windows\system32\svchost.exe[2568] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 001701F8 .text C:\Windows\system32\svchost.exe[2568] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 001703FC .text C:\Windows\system32\svchost.exe[2568] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Windows\system32\svchost.exe[2568] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 000103FC .text C:\Windows\system32\svchost.exe[2568] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 00010600 .text C:\Windows\system32\svchost.exe[2568] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 00011014 .text C:\Windows\system32\svchost.exe[2568] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 00010804 .text C:\Windows\system32\svchost.exe[2568] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 00010A08 .text C:\Windows\system32\svchost.exe[2568] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 00010C0C .text C:\Windows\system32\svchost.exe[2568] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 00010E10 .text C:\Windows\system32\svchost.exe[2568] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 000101F8 .text C:\Windows\system32\svchost.exe[2568] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 00180600 .text C:\Windows\system32\svchost.exe[2568] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 00180804 .text C:\Windows\system32\svchost.exe[2568] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 00180A08 .text C:\Windows\system32\svchost.exe[2568] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 001801F8 .text C:\Windows\system32\svchost.exe[2568] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 001803FC .text C:\Windows\system32\SearchProtocolHost.exe[2576] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 000901F8 .text C:\Windows\system32\SearchProtocolHost.exe[2576] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 000903FC .text C:\Windows\system32\SearchProtocolHost.exe[2576] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 
Byte [62] .text C:\Windows\system32\SearchProtocolHost.exe[2576] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 000A03FC .text C:\Windows\system32\SearchProtocolHost.exe[2576] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 000A0600 .text C:\Windows\system32\SearchProtocolHost.exe[2576] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 000A1014 .text C:\Windows\system32\SearchProtocolHost.exe[2576] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 000A0804 .text C:\Windows\system32\SearchProtocolHost.exe[2576] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 000A0A08 .text C:\Windows\system32\SearchProtocolHost.exe[2576] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 000A0C0C .text C:\Windows\system32\SearchProtocolHost.exe[2576] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 000A0E10 .text C:\Windows\system32\SearchProtocolHost.exe[2576] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 000A01F8 .text C:\Windows\system32\SearchProtocolHost.exe[2576] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 000B0600 .text C:\Windows\system32\SearchProtocolHost.exe[2576] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 000B0804 .text C:\Windows\system32\SearchProtocolHost.exe[2576] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 000B0A08 .text C:\Windows\system32\SearchProtocolHost.exe[2576] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 000B01F8 .text C:\Windows\system32\SearchProtocolHost.exe[2576] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 000B03FC .text C:\Windows\system32\svchost.exe[2608] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[2608] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[2608] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Windows\system32\svchost.exe[2608] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2608] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 
00070600 .text C:\Windows\system32\svchost.exe[2608] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2608] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2608] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2608] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2608] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2608] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[2608] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 00080600 .text C:\Windows\system32\svchost.exe[2608] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\svchost.exe[2608] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\svchost.exe[2608] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\svchost.exe[2608] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 000803FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2636] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 000501F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2636] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 000503FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2636] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2636] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 000603FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2636] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 00060600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2636] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 
Bytes JMP 00061014 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2636] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 00060804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2636] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 00060A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2636] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 00060C0C .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2636] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 00060E10 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2636] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 000601F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2636] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 00070600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2636] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 00070804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2636] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 00070A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2636] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2636] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 000703FC .text C:\Windows\system32\SearchIndexer.exe[2772] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 000E01F8 .text C:\Windows\system32\SearchIndexer.exe[2772] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 000E03FC .text C:\Windows\system32\SearchIndexer.exe[2772] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[2772] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 000F03FC .text C:\Windows\system32\SearchIndexer.exe[2772] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 000F0600 .text 
C:\Windows\system32\SearchIndexer.exe[2772] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 000F1014 .text C:\Windows\system32\SearchIndexer.exe[2772] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 000F0804 .text C:\Windows\system32\SearchIndexer.exe[2772] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 000F0A08 .text C:\Windows\system32\SearchIndexer.exe[2772] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 000F0C0C .text C:\Windows\system32\SearchIndexer.exe[2772] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 000F0E10 .text C:\Windows\system32\SearchIndexer.exe[2772] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 000F01F8 .text C:\Windows\system32\SearchIndexer.exe[2772] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 00100600 .text C:\Windows\system32\SearchIndexer.exe[2772] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 00100804 .text C:\Windows\system32\SearchIndexer.exe[2772] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 00100A08 .text C:\Windows\system32\SearchIndexer.exe[2772] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 001001F8 .text C:\Windows\system32\SearchIndexer.exe[2772] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 001003FC .text C:\Windows\system32\DRIVERS\xaudio.exe[2880] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 001501F8 .text C:\Windows\system32\DRIVERS\xaudio.exe[2880] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 001503FC .text C:\Windows\system32\DRIVERS\xaudio.exe[2880] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Windows\system32\DRIVERS\xaudio.exe[2880] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 001603FC .text C:\Windows\system32\DRIVERS\xaudio.exe[2880] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 00160600 .text C:\Windows\system32\DRIVERS\xaudio.exe[2880] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 00161014 .text C:\Windows\system32\DRIVERS\xaudio.exe[2880] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 00160804 .text 
C:\Windows\system32\DRIVERS\xaudio.exe[2880] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 00160A08 .text C:\Windows\system32\DRIVERS\xaudio.exe[2880] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 00160C0C .text C:\Windows\system32\DRIVERS\xaudio.exe[2880] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 00160E10 .text C:\Windows\system32\DRIVERS\xaudio.exe[2880] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 001601F8 .text C:\Windows\system32\DRIVERS\xaudio.exe[2880] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 00170600 .text C:\Windows\system32\DRIVERS\xaudio.exe[2880] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 00170804 .text C:\Windows\system32\DRIVERS\xaudio.exe[2880] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 00170A08 .text C:\Windows\system32\DRIVERS\xaudio.exe[2880] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 001701F8 .text C:\Windows\system32\DRIVERS\xaudio.exe[2880] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 001703FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 013201F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 013203FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtCreateFile + 6 77B8424A 4 Bytes [28, 40, E0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtCreateFile + B 77B8424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtMapViewOfSection + 6 77B8499A 4 Bytes [28, 43, E0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtMapViewOfSection + B 77B8499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtOpenFile + 6 77B84A2A 4 Bytes [68, 40, E0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtOpenFile + B 77B84A2F 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtOpenProcess + 6 77B84AAA 4 Bytes [A8, 41, E0, 00] {TEST AL, 0x41; LOOPNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtOpenProcess + B 77B84AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtOpenProcessToken + 6 77B84ABA 4 Bytes CALL 76B92B00 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtOpenProcessToken + B 77B84ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtOpenProcessTokenEx + 6 77B84ACA 4 Bytes [A8, 42, E0, 00] {TEST AL, 0x42; LOOPNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtOpenProcessTokenEx + B 77B84ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtOpenThread + 6 77B84B1A 4 Bytes [68, 41, E0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtOpenThread + B 77B84B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtOpenThreadToken + 6 77B84B2A 4 Bytes [68, 42, E0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtOpenThreadToken + B 77B84B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtOpenThreadTokenEx + 6 77B84B3A 4 Bytes CALL 76B92B81 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtOpenThreadTokenEx + B 77B84B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtQueryAttributesFile + 6 77B84BCA 4 Bytes [A8, 40, E0, 00] {TEST AL, 0x40; LOOPNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtQueryAttributesFile + B 77B84BCF 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtQueryFullAttributesFile + 6 77B84C7A 4 Bytes CALL 76B92CBF C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtQueryFullAttributesFile + B 77B84C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtSetInformationFile + 6 77B8515A 4 Bytes [28, 41, E0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtSetInformationFile + B 77B8515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtSetInformationThread + 6 77B851AA 4 Bytes [28, 42, E0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtSetInformationThread + B 77B851AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtUnmapViewOfSection + 6 77B8544A 4 Bytes [68, 43, E0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ntdll.dll!NtUnmapViewOfSection + B 77B8544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 01330600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 01330804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 01330A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 013301F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 013303FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 013403FC .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3148] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 01340600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 01341014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 01340804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 01340A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 01340C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 01340E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3148] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 013401F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3252] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 001501F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3252] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 001503FC .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3252] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3252] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 001603FC .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3252] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 00160600 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3252] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 00161014 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3252] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 00160804 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3252] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 00160A08 .text C:\Program Files\ATI 
Technologies\ATI.ACE\Core-Static\CCC.exe[3252] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 00160C0C .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3252] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 00160E10 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3252] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 001601F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3252] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 00170600 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3252] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 00170804 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3252] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 00170A08 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3252] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 001701F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3252] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3268] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 000901F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3268] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 000903FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3268] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3268] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 000A03FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3268] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 000A0600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3268] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 000A1014 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3268] 
ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 000A0804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3268] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 000A0A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3268] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 000A0C0C .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3268] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 000A0E10 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3268] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 000A01F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3268] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 000B0600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3268] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 000B0804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3268] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 000B0A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3268] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 000B01F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3268] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 000B03FC .text C:\Windows\system32\Dwm.exe[3340] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 000601F8 .text C:\Windows\system32\Dwm.exe[3340] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 000603FC .text C:\Windows\system32\Dwm.exe[3340] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Windows\system32\Dwm.exe[3340] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\Dwm.exe[3340] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\Dwm.exe[3340] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\Dwm.exe[3340] 
ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\Dwm.exe[3340] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\Dwm.exe[3340] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\Dwm.exe[3340] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\Dwm.exe[3340] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\Dwm.exe[3340] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 00080600 .text C:\Windows\system32\Dwm.exe[3340] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\Dwm.exe[3340] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\Dwm.exe[3340] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\Dwm.exe[3340] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 000803FC .text C:\Windows\Explorer.EXE[3368] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 000601F8 .text C:\Windows\Explorer.EXE[3368] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 000603FC .text C:\Windows\Explorer.EXE[3368] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Windows\Explorer.EXE[3368] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 000703FC .text C:\Windows\Explorer.EXE[3368] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 00070600 .text C:\Windows\Explorer.EXE[3368] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 00071014 .text C:\Windows\Explorer.EXE[3368] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 00070804 .text C:\Windows\Explorer.EXE[3368] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 00070A08 .text C:\Windows\Explorer.EXE[3368] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 00070C0C .text C:\Windows\Explorer.EXE[3368] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 00070E10 .text C:\Windows\Explorer.EXE[3368] ADVAPI32.dll!CreateServiceA 777A72A1 
5 Bytes JMP 000701F8 .text C:\Windows\Explorer.EXE[3368] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 00080600 .text C:\Windows\Explorer.EXE[3368] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 00080804 .text C:\Windows\Explorer.EXE[3368] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 00080A08 .text C:\Windows\Explorer.EXE[3368] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 000801F8 .text C:\Windows\Explorer.EXE[3368] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 000803FC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3488] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 001601F8 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3488] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 001603FC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3488] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3488] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 00170600 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3488] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 00170804 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3488] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 00170A08 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3488] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3488] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 001703FC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3488] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 001803FC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3488] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 00180600 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3488] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 00181014 .text C:\Program Files\Microsoft 
Office\Office12\GrooveMonitor.exe[3488] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 00180804 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3488] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 00180A08 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3488] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 00180C0C .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3488] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 00180E10 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3488] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 001801F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3536] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 001601F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3536] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 001603FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3536] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3536] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 00170600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3536] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 00170804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3536] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 00170A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3536] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3536] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 001703FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3536] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 001803FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3536] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 00180600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3536] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 00181014 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3536] 
ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 00180804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3536] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 00180A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3536] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 00180C0C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3536] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 00180E10 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3536] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 001801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 00FB01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 00FB03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtCreateFile + 6 77B8424A 4 Bytes [28, 98, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtCreateFile + B 77B8424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtMapViewOfSection + 6 77B8499A 4 Bytes [28, 9B, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtMapViewOfSection + B 77B8499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenFile + 6 77B84A2A 4 Bytes [68, 98, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenFile + B 77B84A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcess + 6 77B84AAA 4 Bytes [A8, 99, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcess + B 77B84AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcessToken + 6 77B84ABA 4 Bytes CALL 76B94058 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcessToken + B 77B84ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcessTokenEx + 6 77B84ACA 4 Bytes [A8, 9A, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenProcessTokenEx + B 77B84ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThread + 6 77B84B1A 4 Bytes [68, 99, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThread + B 77B84B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThreadToken + 6 77B84B2A 4 Bytes [68, 9A, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThreadToken + B 77B84B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThreadTokenEx + 6 77B84B3A 4 Bytes CALL 76B940D9 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtOpenThreadTokenEx + B 77B84B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtQueryAttributesFile + 6 77B84BCA 4 Bytes [A8, 98, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtQueryAttributesFile + B 77B84BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtQueryFullAttributesFile + 6 77B84C7A 4 Bytes CALL 76B94217 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtQueryFullAttributesFile + B 77B84C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtSetInformationFile + 6 77B8515A 4 Bytes [28, 99, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] 
ntdll.dll!NtSetInformationFile + B 77B8515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtSetInformationThread + 6 77B851AA 4 Bytes [28, 9A, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtSetInformationThread + B 77B851AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtUnmapViewOfSection + 6 77B8544A 4 Bytes [68, 9B, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ntdll.dll!NtUnmapViewOfSection + B 77B8544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 00FC0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 00FC0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 00FC0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 00FC01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 00FC03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 010D03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 010D0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 010D1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 010D0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 010D0A08 .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3572] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 010D0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 010D0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3572] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 010D01F8 .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3640] kernel32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[3656] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3656] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 000603FC .text C:\Program Files\Windows Sidebar\sidebar.exe[3656] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[3656] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 000703FC .text C:\Program Files\Windows Sidebar\sidebar.exe[3656] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 00070600 .text C:\Program Files\Windows Sidebar\sidebar.exe[3656] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 00071014 .text C:\Program Files\Windows Sidebar\sidebar.exe[3656] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 00070804 .text C:\Program Files\Windows Sidebar\sidebar.exe[3656] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 00070A08 .text C:\Program Files\Windows Sidebar\sidebar.exe[3656] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 00070C0C .text C:\Program Files\Windows Sidebar\sidebar.exe[3656] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 00070E10 .text C:\Program Files\Windows Sidebar\sidebar.exe[3656] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 000701F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3656] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 000C0600 .text C:\Program Files\Windows Sidebar\sidebar.exe[3656] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 
000C0804 .text C:\Program Files\Windows Sidebar\sidebar.exe[3656] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 000C0A08 .text C:\Program Files\Windows Sidebar\sidebar.exe[3656] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 000C01F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3656] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 000C03FC .text C:\Windows\ehome\ehtray.exe[3728] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 000601F8 .text C:\Windows\ehome\ehtray.exe[3728] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 000603FC .text C:\Windows\ehome\ehtray.exe[3728] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Windows\ehome\ehtray.exe[3728] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 000703FC .text C:\Windows\ehome\ehtray.exe[3728] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 00070600 .text C:\Windows\ehome\ehtray.exe[3728] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 00071014 .text C:\Windows\ehome\ehtray.exe[3728] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 00070804 .text C:\Windows\ehome\ehtray.exe[3728] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 00070A08 .text C:\Windows\ehome\ehtray.exe[3728] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 00070C0C .text C:\Windows\ehome\ehtray.exe[3728] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 00070E10 .text C:\Windows\ehome\ehtray.exe[3728] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 000701F8 .text C:\Windows\ehome\ehtray.exe[3728] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 00080600 .text C:\Windows\ehome\ehtray.exe[3728] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 00080804 .text C:\Windows\ehome\ehtray.exe[3728] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 00080A08 .text C:\Windows\ehome\ehtray.exe[3728] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 000801F8 .text C:\Windows\ehome\ehtray.exe[3728] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 000803FC .text C:\Program Files\ATI 
Technologies\ATI.ACE\Core-Static\MOM.EXE[3744] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 000501F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3744] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 000503FC .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3744] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3744] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 000A03FC .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3744] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 000A0600 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3744] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 000A1014 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3744] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 000A0804 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3744] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 000A0A08 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3744] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 000A0C0C .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3744] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 000A0E10 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3744] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 000A01F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3744] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 000B0600 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3744] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 000B0804 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3744] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 000B0A08 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3744] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 000B01F8 .text C:\Program 
Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3744] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 000B03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 005E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 005E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtCreateFile + 6 77B8424A 4 Bytes [28, 28, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtCreateFile + B 77B8424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtMapViewOfSection + 6 77B8499A 4 Bytes [28, 2B, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtMapViewOfSection + B 77B8499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenFile + 6 77B84A2A 4 Bytes [68, 28, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenFile + B 77B84A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenProcess + 6 77B84AAA 4 Bytes [A8, 29, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenProcess + B 77B84AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenProcessToken + 6 77B84ABA 4 Bytes CALL 76B8A2E8 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenProcessToken + B 77B84ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenProcessTokenEx + 6 77B84ACA 4 Bytes [A8, 2A, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenProcessTokenEx + B 77B84ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenThread 
+ 6 77B84B1A 4 Bytes [68, 29, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenThread + B 77B84B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenThreadToken + 6 77B84B2A 4 Bytes [68, 2A, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenThreadToken + B 77B84B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenThreadTokenEx + 6 77B84B3A 4 Bytes CALL 76B8A369 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenThreadTokenEx + B 77B84B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtQueryAttributesFile + 6 77B84BCA 4 Bytes [A8, 28, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtQueryAttributesFile + B 77B84BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtQueryFullAttributesFile + 6 77B84C7A 4 Bytes CALL 76B8A4A7 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtQueryFullAttributesFile + B 77B84C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtSetInformationFile + 6 77B8515A 4 Bytes [28, 29, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtSetInformationFile + B 77B8515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtSetInformationThread + 6 77B851AA 4 Bytes [28, 2A, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtSetInformationThread + B 77B851AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtUnmapViewOfSection + 6 77B8544A 4 Bytes [68, 2B, 58, 00] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtUnmapViewOfSection + B 77B8544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 005F0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 005F0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 005F0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 005F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 005F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 006003FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 00600600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 00601014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 00600804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 00600A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 00600C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 00600E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 006001F8 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3852] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 
000601F8 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3852] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 000603FC .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3852] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3852] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 00070600 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3852] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 00070804 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3852] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 00070A08 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3852] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3852] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 000703FC .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3852] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 000803FC .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3852] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 00080600 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3852] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 00081014 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3852] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 00080804 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3852] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 00080A08 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3852] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 00080C0C .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3852] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 00080E10 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3852] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 000801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3892] 
ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 001601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 001603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3892] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3892] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 00170600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3892] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 00170804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3892] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 00170A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3892] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3892] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 001703FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3892] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 001803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3892] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 00180600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3892] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 00181014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3892] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 00180804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3892] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 00180A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3892] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 00180C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3892] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 00180E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3892] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 001801F8 .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 010C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 010C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtCreateFile + 6 77B8424A 4 Bytes [28, D4, 02, 01] {SUB AH, DL; ADD AL, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtCreateFile + B 77B8424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtMapViewOfSection + 6 77B8499A 4 Bytes [28, D7, 02, 01] {SUB BH, DL; ADD AL, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtMapViewOfSection + B 77B8499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenFile + 6 77B84A2A 4 Bytes [68, D4, 02, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenFile + B 77B84A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenProcess + 6 77B84AAA 4 Bytes [A8, D5, 02, 01] {TEST AL, 0xd5; ADD AL, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenProcess + B 77B84AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenProcessToken + 6 77B84ABA 4 Bytes CALL 76B94D94 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenProcessToken + B 77B84ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenProcessTokenEx + 6 77B84ACA 4 Bytes [A8, D6, 02, 01] {TEST AL, 0xd6; ADD AL, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenProcessTokenEx + B 77B84ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenThread + 6 
77B84B1A 4 Bytes [68, D5, 02, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenThread + B 77B84B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenThreadToken + 6 77B84B2A 4 Bytes [68, D6, 02, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenThreadToken + B 77B84B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenThreadTokenEx + 6 77B84B3A 4 Bytes CALL 76B94E15 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtOpenThreadTokenEx + B 77B84B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtQueryAttributesFile + 6 77B84BCA 4 Bytes [A8, D4, 02, 01] {TEST AL, 0xd4; ADD AL, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtQueryAttributesFile + B 77B84BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtQueryFullAttributesFile + 6 77B84C7A 4 Bytes CALL 76B94F53 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtQueryFullAttributesFile + B 77B84C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtSetInformationFile + 6 77B8515A 4 Bytes [28, D5, 02, 01] {SUB CH, DL; ADD AL, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtSetInformationFile + B 77B8515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtSetInformationThread + 6 77B851AA 4 Bytes [28, D6, 02, 01] {SUB DH, DL; ADD AL, [ECX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtSetInformationThread + B 77B851AF 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtUnmapViewOfSection + 6 77B8544A 4 Bytes [68, D7, 02, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtUnmapViewOfSection + B 77B8544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 010D0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 010D0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 010D0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 010D01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 010D03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 010E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 010E0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 010E1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 010E0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 010E0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 010E0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 010E0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3924] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 
010E01F8 .text C:\Windows\system32\taskeng.exe[3960] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 000601F8 .text C:\Windows\system32\taskeng.exe[3960] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 000603FC .text C:\Windows\system32\taskeng.exe[3960] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Windows\system32\taskeng.exe[3960] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[3960] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[3960] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[3960] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[3960] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[3960] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[3960] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[3960] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[3960] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[3960] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[3960] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[3960] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[3960] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 000803FC .text C:\Windows\ehome\ehmsas.exe[3976] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 000501F8 .text C:\Windows\ehome\ehmsas.exe[3976] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 000503FC .text C:\Windows\ehome\ehmsas.exe[3976] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Windows\ehome\ehmsas.exe[3976] 
ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 000603FC .text C:\Windows\ehome\ehmsas.exe[3976] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 00060600 .text C:\Windows\ehome\ehmsas.exe[3976] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 00061014 .text C:\Windows\ehome\ehmsas.exe[3976] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 00060804 .text C:\Windows\ehome\ehmsas.exe[3976] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 00060A08 .text C:\Windows\ehome\ehmsas.exe[3976] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 00060C0C .text C:\Windows\ehome\ehmsas.exe[3976] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 00060E10 .text C:\Windows\ehome\ehmsas.exe[3976] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 000601F8 .text C:\Windows\ehome\ehmsas.exe[3976] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 00070600 .text C:\Windows\ehome\ehmsas.exe[3976] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 00070804 .text C:\Windows\ehome\ehmsas.exe[3976] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 00070A08 .text C:\Windows\ehome\ehmsas.exe[3976] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 000701F8 .text C:\Windows\ehome\ehmsas.exe[3976] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 000703FC .text C:\Windows\system32\conime.exe[4308] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 000501F8 .text C:\Windows\system32\conime.exe[4308] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 000503FC .text C:\Windows\system32\conime.exe[4308] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Windows\system32\conime.exe[4308] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 000603FC .text C:\Windows\system32\conime.exe[4308] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 00060600 .text C:\Windows\system32\conime.exe[4308] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 00061014 .text C:\Windows\system32\conime.exe[4308] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 00060804 .text 
C:\Windows\system32\conime.exe[4308] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 00060A08 .text C:\Windows\system32\conime.exe[4308] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 00060C0C .text C:\Windows\system32\conime.exe[4308] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 00060E10 .text C:\Windows\system32\conime.exe[4308] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 000601F8 .text C:\Windows\system32\conime.exe[4308] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 00070600 .text C:\Windows\system32\conime.exe[4308] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 00070804 .text C:\Windows\system32\conime.exe[4308] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 00070A08 .text C:\Windows\system32\conime.exe[4308] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 000701F8 .text C:\Windows\system32\conime.exe[4308] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 000703FC .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4364] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 001701F8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4364] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 001703FC .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4364] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4364] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 00010600 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4364] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 00010804 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4364] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 00010A08 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4364] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 000101F8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4364] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 000103FC .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4364] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 001803FC .text C:\Program 
Files\Synaptics\SynTP\SynTPHelper.exe[4364] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 00180600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4364] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 00181014
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4364] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 00180804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4364] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4364] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 00180C0C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4364] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 00180E10
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4364] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 001801F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 008301F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 008303FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!NtCreateFile + 6 77B8424A 4 Bytes [28, 98, 7A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!NtCreateFile + B 77B8424F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!NtMapViewOfSection + 6 77B8499A 4 Bytes [28, 9B, 7A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!NtMapViewOfSection + B 77B8499F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!NtOpenFile + 6 77B84A2A 4 Bytes [68, 98, 7A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!NtOpenFile + B 77B84A2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!NtOpenProcess + 6 77B84AAA 4 Bytes [A8, 99, 7A, 00] {TEST AL, 0x99; JP 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!NtOpenProcess + B 77B84AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!NtOpenProcessToken + 6 77B84ABA 4 Bytes CALL 76B8C558 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!NtOpenProcessToken + B 77B84ABF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!NtOpenProcessTokenEx + 6 77B84ACA 4 Bytes [A8, 9A, 7A, 00] {TEST AL, 0x9a; JP 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!NtOpenProcessTokenEx + B 77B84ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!NtOpenThread + 6 77B84B1A 4 Bytes [68, 99, 7A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!NtOpenThread + B 77B84B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!NtOpenThreadToken + 6 77B84B2A 4 Bytes [68, 9A, 7A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!NtOpenThreadToken + B 77B84B2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!NtOpenThreadTokenEx + 6 77B84B3A 4 Bytes CALL 76B8C5D9 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!NtOpenThreadTokenEx + B 77B84B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!NtQueryAttributesFile + 6 77B84BCA 4 Bytes [A8, 98, 7A, 00] {TEST AL, 0x98; JP 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!NtQueryAttributesFile + B 77B84BCF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!NtQueryFullAttributesFile + 6 77B84C7A 4 Bytes CALL 76B8C717 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!NtQueryFullAttributesFile + B 77B84C7F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!NtSetInformationFile + 6 77B8515A 4 Bytes [28, 99, 7A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!NtSetInformationFile + B 77B8515F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!NtSetInformationThread + 6 77B851AA 4 Bytes [28, 9A, 7A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!NtSetInformationThread + B 77B851AF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!NtUnmapViewOfSection + 6 77B8544A 4 Bytes [68, 9B, 7A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ntdll.dll!NtUnmapViewOfSection + B 77B8544F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 00840600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 00840804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 00840A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 008401F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 008403FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 008503FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 00850600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 00851014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 00850804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 00850A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 00850C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 00850E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4424] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 008501F8
.text C:\Windows\system32\SearchFilterHost.exe[4832] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 000601F8
.text C:\Windows\system32\SearchFilterHost.exe[4832] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 000603FC
.text C:\Windows\system32\SearchFilterHost.exe[4832] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62]
.text C:\Windows\system32\SearchFilterHost.exe[4832] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\SearchFilterHost.exe[4832] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\SearchFilterHost.exe[4832] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\SearchFilterHost.exe[4832] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\SearchFilterHost.exe[4832] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\SearchFilterHost.exe[4832] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\SearchFilterHost.exe[4832] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\SearchFilterHost.exe[4832] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchFilterHost.exe[4832] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 00080600
.text C:\Windows\system32\SearchFilterHost.exe[4832] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\SearchFilterHost.exe[4832] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\SearchFilterHost.exe[4832] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\SearchFilterHost.exe[4832] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 000803FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 008D01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 008D03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtCreateFile + 6 77B8424A 4 Bytes [28, A0, 77, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtCreateFile + B 77B8424F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtMapViewOfSection + 6 77B8499A 4 Bytes [28, A3, 77, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtMapViewOfSection + B 77B8499F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenFile + 6 77B84A2A 4 Bytes [68, A0, 77, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenFile + B 77B84A2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenProcess + 6 77B84AAA 4 Bytes [A8, A1, 77, 00] {TEST AL, 0xa1; JA 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenProcess + B 77B84AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenProcessToken + 6 77B84ABA 4 Bytes CALL 76B8C260 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenProcessToken + B 77B84ABF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenProcessTokenEx + 6 77B84ACA 4 Bytes [A8, A2, 77, 00] {TEST AL, 0xa2; JA 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenProcessTokenEx + B 77B84ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenThread + 6 77B84B1A 4 Bytes [68, A1, 77, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenThread + B 77B84B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenThreadToken + 6 77B84B2A 4 Bytes [68, A2, 77, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenThreadToken + B 77B84B2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenThreadTokenEx + 6 77B84B3A 4 Bytes CALL 76B8C2E1 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenThreadTokenEx + B 77B84B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtQueryAttributesFile + 6 77B84BCA 4 Bytes [A8, A0, 77, 00] {TEST AL, 0xa0; JA 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtQueryAttributesFile + B 77B84BCF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtQueryFullAttributesFile + 6 77B84C7A 4 Bytes CALL 76B8C41F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtQueryFullAttributesFile + B 77B84C7F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtSetInformationFile + 6 77B8515A 4 Bytes [28, A1, 77, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtSetInformationFile + B 77B8515F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtSetInformationThread + 6 77B851AA 4 Bytes [28, A2, 77, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtSetInformationThread + B 77B851AF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtUnmapViewOfSection + 6 77B8544A 4 Bytes [68, A3, 77, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtUnmapViewOfSection + B 77B8544F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 008E0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 008E0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 008E0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 008E01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 008E03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 008F03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 008F0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 008F1014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 008F0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 008F0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 008F0C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 008F0E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 008F01F8
.text C:\Users\Magda\Downloads\10skcwvm.exe[5284] ntdll.dll!LdrLoadDll 77B49378 5 Bytes JMP 001601F8
.text C:\Users\Magda\Downloads\10skcwvm.exe[5284] ntdll.dll!LdrUnloadDll 77B5B680 5 Bytes JMP 001603FC
.text C:\Users\Magda\Downloads\10skcwvm.exe[5284] KERNEL32.dll!GetBinaryTypeW + 70 779C2447 1 Byte [62]
.text C:\Users\Magda\Downloads\10skcwvm.exe[5284] ADVAPI32.dll!CreateServiceW 77769EB4 5 Bytes JMP 001703FC
.text C:\Users\Magda\Downloads\10skcwvm.exe[5284] ADVAPI32.dll!DeleteService 7776A07E 5 Bytes JMP 00170600
.text C:\Users\Magda\Downloads\10skcwvm.exe[5284] ADVAPI32.dll!SetServiceObjectSecurity 777A6CD9 5 Bytes JMP 00171014
.text C:\Users\Magda\Downloads\10skcwvm.exe[5284] ADVAPI32.dll!ChangeServiceConfigA 777A6DD9 5 Bytes JMP 00170804
.text C:\Users\Magda\Downloads\10skcwvm.exe[5284] ADVAPI32.dll!ChangeServiceConfigW 777A6F81 5 Bytes JMP 00170A08
.text C:\Users\Magda\Downloads\10skcwvm.exe[5284] ADVAPI32.dll!ChangeServiceConfig2A 777A7099 5 Bytes JMP 00170C0C
.text C:\Users\Magda\Downloads\10skcwvm.exe[5284] ADVAPI32.dll!ChangeServiceConfig2W 777A71E1 5 Bytes JMP 00170E10
.text C:\Users\Magda\Downloads\10skcwvm.exe[5284] ADVAPI32.dll!CreateServiceA 777A72A1 5 Bytes JMP 001701F8
.text C:\Users\Magda\Downloads\10skcwvm.exe[5284] USER32.dll!SetWindowsHookExA 77CE6322 5 Bytes JMP 00180600
.text C:\Users\Magda\Downloads\10skcwvm.exe[5284] USER32.dll!SetWindowsHookExW 77CE87AD 5 Bytes JMP 00180804
.text C:\Users\Magda\Downloads\10skcwvm.exe[5284] USER32.dll!UnhookWindowsHookEx 77CE98DB 5 Bytes JMP 00180A08
.text C:\Users\Magda\Downloads\10skcwvm.exe[5284] USER32.dll!SetWinEventHook 77CE9F3A 5 Bytes JMP 001801F8
.text C:\Users\Magda\Downloads\10skcwvm.exe[5284] USER32.dll!UnhookWinEvent 77CEC06F 5 Bytes JMP 001803FC

---- User IAT/EAT - GMER 2.0 ----
IAT C:\Windows\system32\services.exe[712] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00060002
IAT C:\Windows\system32\services.exe[712] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00060000
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[1060] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00700010
IAT C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1824] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [737AF6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\Alwil Software\Avast5\afwServ.exe[1860] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [737AF6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2376] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 004E0010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3148] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00E30010
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [749B7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [749FB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [749BBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [749AF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [749B75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [749AE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [749E73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [749BDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [749AFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [749AFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749A71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74A3CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [749DC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [749AD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [749A6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [749A687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [749B2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3572] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00F80010
IAT C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [737AF6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3764] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 005B0010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3924] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 01050010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[4424] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 007C0010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[5032] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 007A0010

---- EOF - GMER 2.0 ----