GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-01-31 03:40:11 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 SAMSUNG_HM500JI rev.2AC101C4 Running: mtropvg5.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8C417FC4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8C41A456] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8C41A4AE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8C41A5C4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8C41A3AC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8C41A4FE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8C41A400] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8C41A572] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8C417FE8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8C417DB2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8C41800C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8C41A9BC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8C418AA4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8C41A486] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8C41A4D6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8C41A5EE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8C41A3D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8C41A53E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8C41A42E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8C41A59C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8C41896A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8C418030] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8C418054] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8C417E0C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8C417F48] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8C417F24] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8C417F6C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8C418078] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8C96E7A2] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 10D 828C4890 4 Bytes [C4, 7F, 41, 8C] .text ntkrnlpa.exe!KeSetEvent + 1D1 828C4954 8 Bytes [56, A4, 41, 8C, AE, A4, 41, ...] .text ntkrnlpa.exe!KeSetEvent + 1DD 828C4960 4 Bytes [C4, A5, 41, 8C] .text ntkrnlpa.exe!KeSetEvent + 1F5 828C4978 4 Bytes [AC, A3, 41, 8C] .text ntkrnlpa.exe!KeSetEvent + 215 828C4998 8 Bytes [FE, A4, 41, 8C, 00, A4, 41, ...] .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 829EF62F 5 Bytes JMP 8C96B69C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 82A48543 5 Bytes JMP 8C96D15C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82A51E68 4 Bytes CALL 8C419025 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82A55ADC 4 Bytes CALL 8C41903B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 82AA9DCA 7 Bytes JMP 8C96E7A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\csrss.exe[564] KERNEL32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\system32\wininit.exe[608] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000301F8 .text C:\Windows\system32\wininit.exe[608] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000303FC .text C:\Windows\system32\wininit.exe[608] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\system32\wininit.exe[608] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000603FC .text C:\Windows\system32\wininit.exe[608] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00060600 .text C:\Windows\system32\wininit.exe[608] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00061014 .text C:\Windows\system32\wininit.exe[608] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00060804 .text C:\Windows\system32\wininit.exe[608] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00060A08 .text C:\Windows\system32\wininit.exe[608] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00060C0C .text C:\Windows\system32\wininit.exe[608] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00060E10 .text C:\Windows\system32\wininit.exe[608] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000601F8 .text C:\Windows\system32\wininit.exe[608] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 00070600 .text C:\Windows\system32\wininit.exe[608] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 00070804 .text C:\Windows\system32\wininit.exe[608] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 00070A08 .text C:\Windows\system32\wininit.exe[608] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 000701F8 .text C:\Windows\system32\wininit.exe[608] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 000703FC .text C:\Windows\system32\csrss.exe[620] KERNEL32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\system32\services.exe[652] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\services.exe[652] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000503FC .text C:\Windows\system32\services.exe[652] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\system32\services.exe[652] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\services.exe[652] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\services.exe[652] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\services.exe[652] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\services.exe[652] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\services.exe[652] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00070C0C .text C:\Windows\system32\services.exe[652] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\services.exe[652] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\services.exe[652] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 00080600 .text C:\Windows\system32\services.exe[652] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\services.exe[652] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\services.exe[652] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\services.exe[652] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 000803FC .text C:\Windows\system32\lsass.exe[664] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000901F8 .text C:\Windows\system32\lsass.exe[664] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000903FC .text C:\Windows\system32\lsass.exe[664] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\system32\lsass.exe[664] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\lsass.exe[664] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\lsass.exe[664] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\lsass.exe[664] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\lsass.exe[664] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\lsass.exe[664] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\lsass.exe[664] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\lsass.exe[664] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\lsass.exe[664] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 000C0600 .text C:\Windows\system32\lsass.exe[664] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 000C0804 .text C:\Windows\system32\lsass.exe[664] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 000C0A08 .text C:\Windows\system32\lsass.exe[664] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 000C01F8 .text C:\Windows\system32\lsass.exe[664] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 000C03FC .text C:\Windows\system32\lsm.exe[676] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\lsm.exe[676] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000503FC .text C:\Windows\system32\lsm.exe[676] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\system32\lsm.exe[676] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\lsm.exe[676] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\lsm.exe[676] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\lsm.exe[676] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\lsm.exe[676] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\lsm.exe[676] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00070C0C .text C:\Windows\system32\lsm.exe[676] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\lsm.exe[676] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\spoolsv.exe[700] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000501F8 .text C:\Windows\System32\spoolsv.exe[700] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000503FC .text C:\Windows\System32\spoolsv.exe[700] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[700] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\spoolsv.exe[700] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00070600 .text C:\Windows\System32\spoolsv.exe[700] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\spoolsv.exe[700] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\spoolsv.exe[700] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\spoolsv.exe[700] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00070C0C .text C:\Windows\System32\spoolsv.exe[700] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\spoolsv.exe[700] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\spoolsv.exe[700] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 00110600 .text C:\Windows\System32\spoolsv.exe[700] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 00110804 .text C:\Windows\System32\spoolsv.exe[700] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 00110A08 .text C:\Windows\System32\spoolsv.exe[700] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 001101F8 .text C:\Windows\System32\spoolsv.exe[700] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 001103FC .text C:\Windows\system32\winlogon.exe[752] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000701F8 .text C:\Windows\system32\winlogon.exe[752] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000703FC .text C:\Windows\system32\winlogon.exe[752] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\system32\winlogon.exe[752] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000903FC .text C:\Windows\system32\winlogon.exe[752] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00090600 .text C:\Windows\system32\winlogon.exe[752] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00091014 .text C:\Windows\system32\winlogon.exe[752] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00090804 .text C:\Windows\system32\winlogon.exe[752] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00090A08 .text C:\Windows\system32\winlogon.exe[752] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00090C0C .text C:\Windows\system32\winlogon.exe[752] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00090E10 .text C:\Windows\system32\winlogon.exe[752] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000901F8 .text C:\Windows\system32\winlogon.exe[752] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 000A0600 .text C:\Windows\system32\winlogon.exe[752] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 000A0804 .text C:\Windows\system32\winlogon.exe[752] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 000A0A08 .text C:\Windows\system32\winlogon.exe[752] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 000A01F8 .text C:\Windows\system32\winlogon.exe[752] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 000A03FC .text C:\Windows\system32\taskeng.exe[772] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskeng.exe[772] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000503FC .text C:\Windows\system32\taskeng.exe[772] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\system32\taskeng.exe[772] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[772] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[772] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[772] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[772] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[772] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[772] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[772] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[772] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[772] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[772] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[772] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[772] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 000803FC .text C:\Windows\system32\svchost.exe[856] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[856] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[856] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[856] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 001F0600 .text C:\Windows\system32\svchost.exe[856] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 001F0804 .text C:\Windows\system32\svchost.exe[856] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 001F0A08 .text C:\Windows\system32\svchost.exe[856] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 001F01F8 .text C:\Windows\system32\svchost.exe[856] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 001F03FC .text C:\Windows\system32\svchost.exe[864] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[864] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[864] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[940] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[940] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[940] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\system32\svchost.exe[940] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[940] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[940] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[940] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[940] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 00210600 .text C:\Windows\system32\svchost.exe[940] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 00210804 .text C:\Windows\system32\svchost.exe[940] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 00210A08 .text C:\Windows\system32\svchost.exe[940] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 002101F8 .text C:\Windows\system32\svchost.exe[940] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 002103FC .text C:\Windows\System32\svchost.exe[976] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000901F8 .text C:\Windows\System32\svchost.exe[976] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000903FC .text C:\Windows\System32\svchost.exe[976] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\System32\svchost.exe[976] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000B03FC .text C:\Windows\System32\svchost.exe[976] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 000B0600 .text C:\Windows\System32\svchost.exe[976] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 000B1014 .text C:\Windows\System32\svchost.exe[976] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 000B0804 .text C:\Windows\System32\svchost.exe[976] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 000B0A08 .text C:\Windows\System32\svchost.exe[976] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 000B0C0C .text C:\Windows\System32\svchost.exe[976] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 000B0E10 .text C:\Windows\System32\svchost.exe[976] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000B01F8 .text C:\Windows\System32\svchost.exe[976] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 001E0600 .text C:\Windows\System32\svchost.exe[976] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 001E0804 .text C:\Windows\System32\svchost.exe[976] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 001E0A08 .text C:\Windows\System32\svchost.exe[976] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 001E01F8 .text C:\Windows\System32\svchost.exe[976] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 001E03FC .text C:\Windows\Explorer.EXE[1016] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000501F8 .text C:\Windows\Explorer.EXE[1016] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000503FC .text C:\Windows\Explorer.EXE[1016] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\Explorer.EXE[1016] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000703FC .text C:\Windows\Explorer.EXE[1016] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00070600 .text C:\Windows\Explorer.EXE[1016] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00071014 .text C:\Windows\Explorer.EXE[1016] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00070804 .text C:\Windows\Explorer.EXE[1016] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00070A08 .text C:\Windows\Explorer.EXE[1016] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00070C0C .text C:\Windows\Explorer.EXE[1016] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00070E10 .text C:\Windows\Explorer.EXE[1016] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000701F8 .text C:\Windows\Explorer.EXE[1016] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 00080600 .text C:\Windows\Explorer.EXE[1016] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 00080804 .text C:\Windows\Explorer.EXE[1016] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 00080A08 .text C:\Windows\Explorer.EXE[1016] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 000801F8 .text C:\Windows\Explorer.EXE[1016] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 000803FC .text C:\Windows\System32\svchost.exe[1064] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[1064] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[1064] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\System32\svchost.exe[1064] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[1064] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[1064] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[1064] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\svchost.exe[1064] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 00250600 .text C:\Windows\System32\svchost.exe[1064] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 00250804 .text C:\Windows\System32\svchost.exe[1064] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 00250A08 .text C:\Windows\System32\svchost.exe[1064] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 002501F8 .text C:\Windows\System32\svchost.exe[1064] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 002503FC .text C:\Windows\System32\svchost.exe[1104] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[1104] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[1104] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\svchost.exe[1104] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 00DA0600 .text C:\Windows\System32\svchost.exe[1104] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 00DA0804 .text C:\Windows\System32\svchost.exe[1104] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 00DA0A08 .text C:\Windows\System32\svchost.exe[1104] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 00DA01F8 .text C:\Windows\System32\svchost.exe[1104] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 00DA03FC .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1140] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\system32\svchost.exe[1140] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1140] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[1140] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[1140] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[1140] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[1140] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[1140] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[1140] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1140] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 00140600 .text C:\Windows\system32\svchost.exe[1140] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 00140804 .text C:\Windows\system32\svchost.exe[1140] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 00140A08 .text C:\Windows\system32\svchost.exe[1140] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 001401F8 .text C:\Windows\system32\svchost.exe[1140] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 001403FC .text C:\Windows\system32\AUDIODG.EXE[1244] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\system32\Dwm.exe[1268] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\Dwm.exe[1268] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000503FC .text C:\Windows\system32\Dwm.exe[1268] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\system32\Dwm.exe[1268] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\Dwm.exe[1268] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\Dwm.exe[1268] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\Dwm.exe[1268] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\Dwm.exe[1268] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\Dwm.exe[1268] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00070C0C .text C:\Windows\system32\Dwm.exe[1268] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\Dwm.exe[1268] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\Dwm.exe[1268] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 00080600 .text C:\Windows\system32\Dwm.exe[1268] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\Dwm.exe[1268] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\Dwm.exe[1268] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\Dwm.exe[1268] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 000803FC .text C:\Windows\system32\svchost.exe[1276] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000901F8 .text C:\Windows\system32\svchost.exe[1276] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000903FC .text C:\Windows\system32\svchost.exe[1276] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\svchost.exe[1364] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1364] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1364] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\system32\svchost.exe[1364] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1364] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[1364] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[1364] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[1364] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[1364] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[1364] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[1364] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1364] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 00960600 .text C:\Windows\system32\svchost.exe[1364] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 00960804 .text C:\Windows\system32\svchost.exe[1364] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 00960A08 .text C:\Windows\system32\svchost.exe[1364] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 009601F8 .text C:\Windows\system32\svchost.exe[1364] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 009603FC .text C:\Windows\system32\taskeng.exe[1380] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskeng.exe[1380] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000503FC .text C:\Windows\system32\taskeng.exe[1380] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\system32\taskeng.exe[1380] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[1380] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[1380] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[1380] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[1380] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[1380] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[1380] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[1380] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[1380] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[1380] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[1380] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[1380] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[1380] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 000803FC .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000701F8 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000703FC .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ntdll.dll!NtCreateFile + 6 776C422A 4 Bytes [28, 00, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ntdll.dll!NtCreateFile + B 776C422F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ntdll.dll!NtMapViewOfSection + 6 776C497A 1 Byte [28] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ntdll.dll!NtMapViewOfSection + 6 776C497A 4 Bytes [28, 03, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ntdll.dll!NtMapViewOfSection + B 776C497F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ntdll.dll!NtOpenFile + 6 776C4A0A 4 Bytes [68, 00, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ntdll.dll!NtOpenFile + B 776C4A0F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ntdll.dll!NtOpenProcess + 6 776C4A8A 4 Bytes [A8, 01, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ntdll.dll!NtOpenProcess + B 776C4A8F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ntdll.dll!NtOpenProcessToken + B 776C4A9F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ntdll.dll!NtOpenProcessTokenEx + 6 776C4AAA 4 Bytes [A8, 02, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ntdll.dll!NtOpenProcessTokenEx + B 776C4AAF 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ntdll.dll!NtOpenThread + 6 776C4AFA 4 Bytes [68, 01, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ntdll.dll!NtOpenThread + B 776C4AFF 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ntdll.dll!NtOpenThreadToken + 6 776C4B0A 4 Bytes [68, 02, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ntdll.dll!NtOpenThreadToken + B 776C4B0F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ntdll.dll!NtOpenThreadTokenEx + B 776C4B1F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ntdll.dll!NtQueryAttributesFile + 6 776C4BAA 4 Bytes [A8, 00, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ntdll.dll!NtQueryAttributesFile + B 776C4BAF 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ntdll.dll!NtQueryFullAttributesFile + B 776C4C5F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ntdll.dll!NtSetInformationFile + 6 776C513A 4 Bytes [28, 01, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ntdll.dll!NtSetInformationFile + B 776C513F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ntdll.dll!NtSetInformationThread + 6 776C518A 4 Bytes [28, 02, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ntdll.dll!NtSetInformationThread + B 776C518F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ntdll.dll!NtUnmapViewOfSection + 6 776C542A 1 Byte [68] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ntdll.dll!NtUnmapViewOfSection + 6 776C542A 4 Bytes [68, 03, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ntdll.dll!NtUnmapViewOfSection + B 776C542F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 002A0600 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 002A0804 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 002A0A08 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 002A01F8 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 002A03FC .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 002B03FC .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 002B0600 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 002B1014 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 002B0804 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 002B0A08 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 002B0C0C .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 002B0E10 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 002B01F8 .text C:\Windows\system32\svchost.exe[1584] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1584] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1584] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[1584] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1584] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 008F0600 .text C:\Windows\system32\svchost.exe[1584] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 008F0804 .text C:\Windows\system32\svchost.exe[1584] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 008F0A08 .text C:\Windows\system32\svchost.exe[1584] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 008F01F8 .text C:\Windows\system32\svchost.exe[1584] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 008F03FC .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1820] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1828] kernel32.dll!SetUnhandledExceptionFilter 76E7A84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1828] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1860] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000501F8 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1860] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000503FC .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1860] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1860] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 00070600 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1860] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 00070804 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1860] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 00070A08 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1860] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 000701F8 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1860] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 000703FC .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1860] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000803FC .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1860] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00080600 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1860] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00081014 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1860] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00080804 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1860] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00080A08 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1860] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00080C0C .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1860] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00080E10 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1860] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000801F8 .text C:\Windows\system32\rundll32.exe[2088] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000601F8 .text C:\Windows\system32\rundll32.exe[2088] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000603FC .text C:\Windows\system32\rundll32.exe[2088] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\system32\rundll32.exe[2088] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 00070600 .text C:\Windows\system32\rundll32.exe[2088] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 00070804 .text C:\Windows\system32\rundll32.exe[2088] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 00070A08 .text C:\Windows\system32\rundll32.exe[2088] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 000701F8 .text C:\Windows\system32\rundll32.exe[2088] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 000703FC .text C:\Windows\system32\rundll32.exe[2088] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000803FC .text C:\Windows\system32\rundll32.exe[2088] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00080600 .text C:\Windows\system32\rundll32.exe[2088] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00081014 .text C:\Windows\system32\rundll32.exe[2088] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00080804 .text C:\Windows\system32\rundll32.exe[2088] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00080A08 .text C:\Windows\system32\rundll32.exe[2088] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00080C0C .text C:\Windows\system32\rundll32.exe[2088] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00080E10 .text C:\Windows\system32\rundll32.exe[2088] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000801F8 .text C:\Windows\system32\igfxsrvc.exe[2140] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 001501F8 .text C:\Windows\system32\igfxsrvc.exe[2140] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 001503FC .text C:\Windows\system32\igfxsrvc.exe[2140] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\system32\igfxsrvc.exe[2140] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 00170600 .text C:\Windows\system32\igfxsrvc.exe[2140] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 00170804 .text C:\Windows\system32\igfxsrvc.exe[2140] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 00170A08 .text C:\Windows\system32\igfxsrvc.exe[2140] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 001701F8 .text C:\Windows\system32\igfxsrvc.exe[2140] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 001703FC .text C:\Windows\system32\igfxsrvc.exe[2140] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 001803FC .text C:\Windows\system32\igfxsrvc.exe[2140] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00180600 .text C:\Windows\system32\igfxsrvc.exe[2140] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00181014 .text C:\Windows\system32\igfxsrvc.exe[2140] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00180804 .text C:\Windows\system32\igfxsrvc.exe[2140] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00180A08 .text C:\Windows\system32\igfxsrvc.exe[2140] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00180C0C .text C:\Windows\system32\igfxsrvc.exe[2140] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00180E10 .text C:\Windows\system32\igfxsrvc.exe[2140] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 001801F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2268] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000601F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2268] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000603FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2268] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2268] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 00070600 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2268] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 00070804 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2268] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 00070A08 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2268] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2268] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 000703FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2268] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000803FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2268] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00080600 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2268] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00081014 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2268] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00080804 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2268] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00080A08 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2268] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00080C0C .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2268] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00080E10 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2268] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000801F8 .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2324] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000901F8 .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2324] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000903FC .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2324] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2324] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000B03FC .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2324] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 000B0600 .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2324] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 000B1014 .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2324] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 000B0804 .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2324] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 000B0A08 .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2324] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 000B0C0C .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2324] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 000B0E10 .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2324] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000B01F8 .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2324] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 000C0600 .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2324] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 000C0804 .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2324] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 000C0A08 .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2324] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 000C01F8 .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2324] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 000C03FC .text C:\Windows\system32\svchost.exe[2336] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2336] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2336] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\system32\svchost.exe[2336] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2336] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2336] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2336] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2336] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2336] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2336] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2336] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[2388] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2388] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2388] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\system32\svchost.exe[2388] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2388] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2388] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2388] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2388] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2388] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2388] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2388] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[2388] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 00190600 .text C:\Windows\system32\svchost.exe[2388] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 00190804 .text C:\Windows\system32\svchost.exe[2388] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 00190A08 .text C:\Windows\system32\svchost.exe[2388] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 001901F8 .text C:\Windows\system32\svchost.exe[2388] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 001903FC .text C:\Windows\system32\svchost.exe[2412] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2412] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2412] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2412] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\svchost.exe[2536] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[2536] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[2536] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\System32\svchost.exe[2536] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[2536] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[2536] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[2536] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[2536] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[2536] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[2536] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[2536] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\SearchIndexer.exe[2568] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\SearchIndexer.exe[2568] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000503FC .text C:\Windows\system32\SearchIndexer.exe[2568] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[2568] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\SearchIndexer.exe[2568] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\SearchIndexer.exe[2568] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\SearchIndexer.exe[2568] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\SearchIndexer.exe[2568] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\SearchIndexer.exe[2568] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00070C0C .text C:\Windows\system32\SearchIndexer.exe[2568] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\SearchIndexer.exe[2568] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\SearchIndexer.exe[2568] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 00080600 .text C:\Windows\system32\SearchIndexer.exe[2568] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\SearchIndexer.exe[2568] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\SearchIndexer.exe[2568] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\SearchIndexer.exe[2568] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 000803FC .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000501F8 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000503FC .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2660] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2660] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 00070600 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2660] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 00070804 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2660] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 00070A08 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2660] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 000701F8 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2660] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 000703FC .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000803FC .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00080600 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00081014 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00080804 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00080A08 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00080C0C .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00080E10 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2660] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000801F8 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000501F8 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000503FC .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2988] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2988] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 00070600 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2988] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 00070804 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2988] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 00070A08 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2988] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 000701F8 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2988] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 000703FC .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000803FC .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00080600 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00081014 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00080804 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00080A08 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00080C0C .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00080E10 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000801F8 .text C:\Program Files\Skype\Phone\Skype.exe[3288] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 001501F8 .text C:\Program Files\Skype\Phone\Skype.exe[3288] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 001503FC .text C:\Program Files\Skype\Phone\Skype.exe[3288] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Program Files\Skype\Phone\Skype.exe[3288] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 00270600 .text C:\Program Files\Skype\Phone\Skype.exe[3288] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 00270804 .text C:\Program Files\Skype\Phone\Skype.exe[3288] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 00270A08 .text C:\Program Files\Skype\Phone\Skype.exe[3288] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 002701F8 .text C:\Program Files\Skype\Phone\Skype.exe[3288] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 002703FC .text C:\Program Files\Skype\Phone\Skype.exe[3288] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 002603FC .text C:\Program Files\Skype\Phone\Skype.exe[3288] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00260600 .text C:\Program Files\Skype\Phone\Skype.exe[3288] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00261014 .text C:\Program Files\Skype\Phone\Skype.exe[3288] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00260804 .text C:\Program Files\Skype\Phone\Skype.exe[3288] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00260A08 .text C:\Program Files\Skype\Phone\Skype.exe[3288] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00260C0C .text C:\Program Files\Skype\Phone\Skype.exe[3288] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00260E10 .text C:\Program Files\Skype\Phone\Skype.exe[3288] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 002601F8 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000701F8 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000703FC .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ntdll.dll!NtCreateFile + 6 776C422A 4 Bytes [28, 00, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ntdll.dll!NtCreateFile + B 776C422F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ntdll.dll!NtMapViewOfSection + 6 776C497A 1 Byte [28] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ntdll.dll!NtMapViewOfSection + 6 776C497A 4 Bytes [28, 03, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ntdll.dll!NtMapViewOfSection + B 776C497F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ntdll.dll!NtOpenFile + 6 776C4A0A 4 Bytes [68, 00, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ntdll.dll!NtOpenFile + B 776C4A0F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ntdll.dll!NtOpenProcess + 6 776C4A8A 4 Bytes [A8, 01, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ntdll.dll!NtOpenProcess + B 776C4A8F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ntdll.dll!NtOpenProcessToken + B 776C4A9F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ntdll.dll!NtOpenProcessTokenEx + 6 776C4AAA 4 Bytes [A8, 02, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ntdll.dll!NtOpenProcessTokenEx + B 776C4AAF 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ntdll.dll!NtOpenThread + 6 776C4AFA 4 Bytes [68, 01, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ntdll.dll!NtOpenThread + B 776C4AFF 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ntdll.dll!NtOpenThreadToken + 6 776C4B0A 4 Bytes [68, 02, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ntdll.dll!NtOpenThreadToken + B 776C4B0F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ntdll.dll!NtOpenThreadTokenEx + B 776C4B1F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ntdll.dll!NtQueryAttributesFile + 6 776C4BAA 4 Bytes [A8, 00, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ntdll.dll!NtQueryAttributesFile + B 776C4BAF 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ntdll.dll!NtQueryFullAttributesFile + B 776C4C5F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ntdll.dll!NtSetInformationFile + 6 776C513A 4 Bytes [28, 01, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ntdll.dll!NtSetInformationFile + B 776C513F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ntdll.dll!NtSetInformationThread + 6 776C518A 4 Bytes [28, 02, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ntdll.dll!NtSetInformationThread + B 776C518F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ntdll.dll!NtUnmapViewOfSection + 6 776C542A 1 Byte [68] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ntdll.dll!NtUnmapViewOfSection + 6 776C542A 4 Bytes [68, 03, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ntdll.dll!NtUnmapViewOfSection + B 776C542F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 002A0600 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 002A0804 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 002A0A08 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 002A01F8 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 002A03FC .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 002B03FC .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 002B0600 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 002B1014 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 002B0804 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 002B0A08 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 002B0C0C .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 002B0E10 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 002B01F8 .text C:\Windows\system32\svchost.exe[3684] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[3684] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[3684] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\system32\svchost.exe[3684] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[3684] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[3684] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[3684] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[3684] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[3684] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[3684] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[3684] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000701F8 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000701F8 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000703FC .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtCreateFile + 6 776C422A 4 Bytes [28, 00, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtCreateFile + B 776C422F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtMapViewOfSection + 6 776C497A 1 Byte [28] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtMapViewOfSection + 6 776C497A 4 Bytes [28, 03, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtMapViewOfSection + B 776C497F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtOpenFile + 6 776C4A0A 4 Bytes [68, 00, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtOpenFile + B 776C4A0F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtOpenProcess + 6 776C4A8A 4 Bytes [A8, 01, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtOpenProcess + B 776C4A8F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtOpenProcessToken + B 776C4A9F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtOpenProcessTokenEx + 6 776C4AAA 4 Bytes [A8, 02, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtOpenProcessTokenEx + B 776C4AAF 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtOpenThread + 6 776C4AFA 4 Bytes [68, 01, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtOpenThread + B 776C4AFF 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtOpenThreadToken + 6 776C4B0A 4 Bytes [68, 02, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtOpenThreadToken + B 776C4B0F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtOpenThreadTokenEx + B 776C4B1F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtQueryAttributesFile + 6 776C4BAA 4 Bytes [A8, 00, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtQueryAttributesFile + B 776C4BAF 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtQueryFullAttributesFile + B 776C4C5F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtSetInformationFile + 6 776C513A 4 Bytes [28, 01, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtSetInformationFile + B 776C513F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtSetInformationThread + 6 776C518A 4 Bytes [28, 02, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtSetInformationThread + B 776C518F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtUnmapViewOfSection + 6 776C542A 1 Byte [68] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtUnmapViewOfSection + 6 776C542A 4 Bytes [68, 03, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ntdll.dll!NtUnmapViewOfSection + B 776C542F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 001A0600 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 001A0804 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 001A0A08 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 001A01F8 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 001A03FC .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 009F03FC .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 009F0600 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 009F1014 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 009F0804 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 009F0A08 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 009F0C0C .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 009F0E10 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 009F01F8 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000701F8 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000703FC .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ntdll.dll!NtCreateFile + 6 776C422A 4 Bytes [28, 00, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ntdll.dll!NtCreateFile + B 776C422F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ntdll.dll!NtMapViewOfSection + 6 776C497A 1 Byte [28] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ntdll.dll!NtMapViewOfSection + 6 776C497A 4 Bytes [28, 03, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ntdll.dll!NtMapViewOfSection + B 776C497F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ntdll.dll!NtOpenFile + 6 776C4A0A 4 Bytes [68, 00, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ntdll.dll!NtOpenFile + B 776C4A0F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ntdll.dll!NtOpenProcess + 6 776C4A8A 4 Bytes [A8, 01, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ntdll.dll!NtOpenProcess + B 776C4A8F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ntdll.dll!NtOpenProcessToken + B 776C4A9F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ntdll.dll!NtOpenProcessTokenEx + 6 776C4AAA 4 Bytes [A8, 02, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ntdll.dll!NtOpenProcessTokenEx + B 776C4AAF 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ntdll.dll!NtOpenThread + 6 776C4AFA 4 Bytes [68, 01, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ntdll.dll!NtOpenThread + B 776C4AFF 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ntdll.dll!NtOpenThreadToken + 6 776C4B0A 4 Bytes [68, 02, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ntdll.dll!NtOpenThreadToken + B 776C4B0F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ntdll.dll!NtOpenThreadTokenEx + B 776C4B1F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ntdll.dll!NtQueryAttributesFile + 6 776C4BAA 4 Bytes [A8, 00, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ntdll.dll!NtQueryAttributesFile + B 776C4BAF 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ntdll.dll!NtQueryFullAttributesFile + B 776C4C5F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ntdll.dll!NtSetInformationFile + 6 776C513A 4 Bytes [28, 01, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ntdll.dll!NtSetInformationFile + B 776C513F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ntdll.dll!NtSetInformationThread + 6 776C518A 4 Bytes [28, 02, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ntdll.dll!NtSetInformationThread + B 776C518F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ntdll.dll!NtUnmapViewOfSection + 6 776C542A 1 Byte [68] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ntdll.dll!NtUnmapViewOfSection + 6 776C542A 4 Bytes [68, 03, 06, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ntdll.dll!NtUnmapViewOfSection + B 776C542F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 000A0600 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 000A0804 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 000A0A08 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 000A01F8 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 000A03FC .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000B03FC .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 000B0600 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 000B1014 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 000B0804 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 000B0A08 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 000B0C0C .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 000B0E10 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\taskeng.exe[4124] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskeng.exe[4124] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000503FC .text C:\Windows\system32\taskeng.exe[4124] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\system32\taskeng.exe[4124] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[4124] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[4124] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[4124] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[4124] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[4124] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[4124] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[4124] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[4124] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[4124] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[4124] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[4124] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[4124] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 000803FC .text C:\Program Files\Mozilla Firefox\firefox.exe[4144] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 65EAB750 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[4144] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000503FC .text C:\Program Files\Mozilla Firefox\firefox.exe[4144] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[4144] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 00080600 .text C:\Program Files\Mozilla Firefox\firefox.exe[4144] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 00080804 .text C:\Program Files\Mozilla Firefox\firefox.exe[4144] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 00080A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[4144] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[4144] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 000803FC .text C:\Program Files\Mozilla Firefox\firefox.exe[4144] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000903FC .text C:\Program Files\Mozilla Firefox\firefox.exe[4144] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00090600 .text C:\Program Files\Mozilla Firefox\firefox.exe[4144] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00091014 .text C:\Program Files\Mozilla Firefox\firefox.exe[4144] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00090804 .text C:\Program Files\Mozilla Firefox\firefox.exe[4144] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00090A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[4144] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00090C0C .text C:\Program Files\Mozilla Firefox\firefox.exe[4144] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00090E10 .text C:\Program Files\Mozilla Firefox\firefox.exe[4144] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000901F8 .text C:\Windows\system32\Taskmgr.exe[4172] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\Taskmgr.exe[4172] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000503FC .text C:\Windows\system32\Taskmgr.exe[4172] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\system32\Taskmgr.exe[4172] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\Taskmgr.exe[4172] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\Taskmgr.exe[4172] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\Taskmgr.exe[4172] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\Taskmgr.exe[4172] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\Taskmgr.exe[4172] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00070C0C .text C:\Windows\system32\Taskmgr.exe[4172] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\Taskmgr.exe[4172] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\Taskmgr.exe[4172] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 00080600 .text C:\Windows\system32\Taskmgr.exe[4172] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\Taskmgr.exe[4172] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\Taskmgr.exe[4172] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\Taskmgr.exe[4172] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 000803FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4548] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000501F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4548] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000503FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4548] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4548] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 001303FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4548] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 00130600 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4548] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 00131014 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4548] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 00130804 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4548] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 00130A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4548] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 00130C0C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4548] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 00130E10 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4548] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 001301F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4548] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 00140600 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4548] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 00140804 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4548] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 00140A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4548] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 001401F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4548] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 001403FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4548] USER32.dll!SetWindowLongA 775CE7CD 5 Bytes JMP 66283A89 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4548] USER32.dll!SetWindowLongW 775D13B4 5 Bytes JMP 66283A1B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4548] USER32.dll!GetWindowInfo 775D428E 5 Bytes JMP 6602C909 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4548] USER32.dll!TrackPopupMenu 775E14F3 5 Bytes JMP 6602CEBD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Windows\system32\NOTEPAD.EXE[4828] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 000901F8 .text C:\Windows\system32\NOTEPAD.EXE[4828] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 000903FC .text C:\Windows\system32\NOTEPAD.EXE[4828] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Windows\system32\NOTEPAD.EXE[4828] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\NOTEPAD.EXE[4828] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\NOTEPAD.EXE[4828] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\NOTEPAD.EXE[4828] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\NOTEPAD.EXE[4828] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\NOTEPAD.EXE[4828] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\NOTEPAD.EXE[4828] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\NOTEPAD.EXE[4828] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\NOTEPAD.EXE[4828] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 000C0600 .text C:\Windows\system32\NOTEPAD.EXE[4828] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 000C0804 .text C:\Windows\system32\NOTEPAD.EXE[4828] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 000C0A08 .text C:\Windows\system32\NOTEPAD.EXE[4828] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 000C01F8 .text C:\Windows\system32\NOTEPAD.EXE[4828] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 000C03FC .text C:\Users\user\Desktop\mtropvg5.exe[5292] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!LdrLoadDll 776893A8 5 Bytes JMP 001701F8 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!LdrUnloadDll 7769B740 5 Bytes JMP 001703FC .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtCreateFile + 6 776C422A 4 Bytes [28, 00, 16, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtCreateFile + B 776C422F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtMapViewOfSection + 6 776C497A 1 Byte [28] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtMapViewOfSection + 6 776C497A 4 Bytes [28, 03, 16, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtMapViewOfSection + B 776C497F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenFile + 6 776C4A0A 4 Bytes [68, 00, 16, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenFile + B 776C4A0F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenProcess + 6 776C4A8A 4 Bytes [A8, 01, 16, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenProcess + B 776C4A8F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenProcessToken + B 776C4A9F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenProcessTokenEx + 6 776C4AAA 4 Bytes [A8, 02, 16, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenProcessTokenEx + B 776C4AAF 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenThread + 6 776C4AFA 4 Bytes [68, 01, 16, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenThread + B 776C4AFF 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenThreadToken + 6 776C4B0A 4 Bytes [68, 02, 16, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenThreadToken + B 776C4B0F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenThreadTokenEx + B 776C4B1F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtQueryAttributesFile + 6 776C4BAA 4 Bytes [A8, 00, 16, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtQueryAttributesFile + B 776C4BAF 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtQueryFullAttributesFile + B 776C4C5F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtSetInformationFile + 6 776C513A 4 Bytes [28, 01, 16, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtSetInformationFile + B 776C513F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtSetInformationThread + 6 776C518A 4 Bytes [28, 02, 16, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtSetInformationThread + B 776C518F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtUnmapViewOfSection + 6 776C542A 1 Byte [68] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtUnmapViewOfSection + 6 776C542A 4 Bytes [68, 03, 16, 00] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtUnmapViewOfSection + B 776C542F 1 Byte [E2] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] kernel32.dll!GetBinaryTypeW + 70 76EA2247 1 Byte [62] .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] USER32.dll!SetWindowsHookExA 775C6322 5 Bytes JMP 002A0600 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] USER32.dll!SetWindowsHookExW 775C87AD 5 Bytes JMP 002A0804 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] USER32.dll!UnhookWindowsHookEx 775C98DB 5 Bytes JMP 002A0A08 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] USER32.dll!SetWinEventHook 775C9F3A 5 Bytes JMP 002A01F8 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] USER32.dll!UnhookWinEvent 775CC06F 5 Bytes JMP 002A03FC .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ADVAPI32.dll!CreateServiceW 76FF9EB4 5 Bytes JMP 002B03FC .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ADVAPI32.dll!DeleteService 76FFA07E 5 Bytes JMP 002B0600 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ADVAPI32.dll!SetServiceObjectSecurity 77036CD9 5 Bytes JMP 002B1014 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ADVAPI32.dll!ChangeServiceConfigA 77036DD9 5 Bytes JMP 002B0804 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ADVAPI32.dll!ChangeServiceConfigW 77036F81 5 Bytes JMP 002B0A08 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ADVAPI32.dll!ChangeServiceConfig2A 77037099 5 Bytes JMP 002B0C0C .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ADVAPI32.dll!ChangeServiceConfig2W 770371E1 5 Bytes JMP 002B0E10 .text C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] ADVAPI32.dll!CreateServiceA 770372A1 5 Bytes JMP 002B01F8 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\system32\services.exe[652] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 001C0002 IAT C:\Windows\system32\services.exe[652] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 001C0000 IAT C:\Windows\Explorer.EXE[1016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743C7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7441A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [743CBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [743BF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [743C75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [743BE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [743F8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [743CDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743BFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [743BFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743B71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7444CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [743EC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [743BD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [743B6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [743B687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1016] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [743C2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[1548] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010 IAT C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3452] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010 IAT C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3748] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010 IAT C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[3928] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010 IAT C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe[6108] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\BTHUSB \Device\00000093 bthport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation) Device \Driver\BTHUSB \Device\00000095 bthport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bbdd14a Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001a6bbdd14a (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6bbdd14a (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001a6bbdd14a (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001a6bbdd14a (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001a6bbdd14a (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\001a6bbdd14a (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\001a6bbdd14a (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\001a6bbdd14a (not active ControlSet) Reg HKLM\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\001a6bbdd14a (not active ControlSet) ---- EOF - GMER 1.0.15 ----