GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-12-09 16:48:27 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3252GSX rev.LV010M Running: uz66bip1.exe; Driver: C:\Users\HashMan\AppData\Local\Temp\awdiifow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8FE764BA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x94417C22] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8FE76ED6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8FE81FA8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8FE81FF4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8FE82176] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8FE81F16] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x94417FA6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8FE81F5E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8FE7711C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x8FE772F4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8FE82130] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x8FE7793E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8FE76508] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x94417CEA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x944163EC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8FE76556] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8FE7B534] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8FE783A6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8FE81FD2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8FE82016] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8FE8219A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8FE81F3C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8FE820BA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8FE81F86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8FE82154] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x94417E4A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8FE78272] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x8FE77F86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8FE765A4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8FE765F2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x8FE777BE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8FE761FA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8FE763AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8FE76350] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x8FE77AF8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x8FE77C54] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8FE7641A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x94417EFE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x8FE77636] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x9441641C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8FE76640] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x94417D96] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x94430E56] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 82E79839 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E9E3F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 214 82EA5BA4 4 Bytes [BA, 64, E7, 8F] .text ntkrnlpa.exe!RtlSidHashLookup + 23C 82EA5BCC 4 Bytes [22, 7C, 41, 94] {AND BH, [ECX+EAX*2-0x6c]} .text ntkrnlpa.exe!RtlSidHashLookup + 29C 82EA5C2C 4 Bytes [D6, 6E, E7, 8F] {SALC ; OUTSB ; OUT 0x8f, EAX} .text ntkrnlpa.exe!RtlSidHashLookup + 2F0 82EA5C80 8 Bytes [A8, 1F, E8, 8F, F4, 1F, E8, ...] .text ntkrnlpa.exe!RtlSidHashLookup + 2FC 82EA5C8C 4 Bytes [76, 21, E8, 8F] .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 830403BE 5 Bytes JMP 9442DCF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject + 27 8305A0CD 5 Bytes JMP 9442F828 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 830A4784 4 Bytes CALL 8FE78A8D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 830AC895 4 Bytes CALL 8FE78AA3 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 83112506 7 Bytes JMP 94430E5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x94E0D000, 0x2D5526, 0xE8000020] .text kernel32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text sechost.dll!SetServiceObjectSecurity 763D5181 5 Bytes [E9, 8E, BE, E2, 89] {JMP 0xffffffff89e2be93} .text sechost.dll!ChangeServiceConfigA 763D5254 5 Bytes [E9, AB, B5, E2, 89] {JMP 0xffffffff89e2b5b0} .text sechost.dll!ChangeServiceConfigW 763D53D5 5 Bytes [E9, 2E, B6, E2, 89] {JMP 0xffffffff89e2b633} .text sechost.dll!ChangeServiceConfig2A 763D54C2 5 Bytes [E9, 45, B7, E2, 89] {JMP 0xffffffff89e2b74a} .text sechost.dll!ChangeServiceConfig2W 763D55E2 5 Bytes [E9, 29, B8, E2, 89] {JMP 0xffffffff89e2b82e} .text sechost.dll!CreateServiceA 763D567C 5 Bytes [E9, 77, AB, E2, 89] {JMP 0xffffffff89e2ab7c} .text sechost.dll!CreateServiceW 763D589F 5 Bytes [E9, 58, AB, E2, 89] {JMP 0xffffffff89e2ab5d} .text sechost.dll!DeleteService 763D5A22 5 Bytes [E9, D9, AB, E2, 89] {JMP 0xffffffff89e2abde} ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[328] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 000E03FC .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[328] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 000E01F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[328] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[328] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00100A08 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[328] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 001003FC .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[328] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00100804 .text C:\Program Files\Common 
Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[328] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 001001F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[328] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00100600 .text C:\Windows\system32\svchost.exe[396] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 000E03FC .text C:\Windows\system32\svchost.exe[396] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 000E01F8 .text C:\Windows\system32\svchost.exe[396] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Windows\system32\svchost.exe[396] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00110A08 .text C:\Windows\system32\svchost.exe[396] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 001103FC .text C:\Windows\system32\svchost.exe[396] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00110804 .text C:\Windows\system32\svchost.exe[396] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 001101F8 .text C:\Windows\system32\svchost.exe[396] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00110600 .text C:\Windows\system32\csrss.exe[488] kernel32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[492] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 001703FC .text C:\Program Files\Bonjour\mDNSResponder.exe[492] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 001701F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[492] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[492] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00190A08 .text C:\Program Files\Bonjour\mDNSResponder.exe[492] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 001903FC .text C:\Program Files\Bonjour\mDNSResponder.exe[492] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00190804 .text C:\Program Files\Bonjour\mDNSResponder.exe[492] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 001901F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[492] 
USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00190600 .text C:\Windows\system32\wininit.exe[664] kernel32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Windows\system32\csrss.exe[680] kernel32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Windows\system32\services.exe[724] kernel32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Windows\system32\lsass.exe[744] kernel32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Windows\system32\winlogon.exe[772] kernel32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text ... .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtCreateFile + 6 77B246B6 4 Bytes [28, 40, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtCreateFile + B 77B246BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtMapViewOfSection + 6 77B24D16 4 Bytes [28, 43, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtMapViewOfSection + B 77B24D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtOpenFile + 6 77B24DC6 4 Bytes [68, 40, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtOpenFile + B 77B24DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtOpenProcess + 6 77B24E76 4 Bytes [A8, 41, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtOpenProcess + B 77B24E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtOpenProcessToken + 6 77B24E86 4 Bytes CALL 76B2E4CC C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtOpenProcessToken + B 77B24E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtOpenProcessTokenEx + 6 77B24E96 4 Bytes [A8, 
42, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtOpenProcessTokenEx + B 77B24E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtOpenThread + 6 77B24EF6 4 Bytes [68, 41, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtOpenThread + B 77B24EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtOpenThreadToken + 6 77B24F06 4 Bytes [68, 42, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtOpenThreadToken + B 77B24F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtOpenThreadTokenEx + 6 77B24F16 4 Bytes CALL 76B2E55D C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtOpenThreadTokenEx + B 77B24F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtQueryAttributesFile + 6 77B25026 4 Bytes [A8, 40, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtQueryAttributesFile + B 77B2502B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtQueryFullAttributesFile + 6 77B250D6 4 Bytes CALL 76B2E71B C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtQueryFullAttributesFile + B 77B250DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtSetInformationFile + 6 77B25726 4 Bytes [28, 41, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtSetInformationFile + B 77B2572B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtSetInformationThread + 6 77B25786 4 Bytes [28, 42, 96, 00] 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtSetInformationThread + B 77B2578B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtUnmapViewOfSection + 6 77B25AA6 4 Bytes [68, 43, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!NtUnmapViewOfSection + B 77B25AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 00A703FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 00A701F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00A80A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 00A803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00A80804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 00A801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1280] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00A80600 .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[1336] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 001E03FC .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[1336] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 001E01F8 .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[1336] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[1336] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[1336] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 001F03FC .text C:\Program 
Files\Toshiba\SmoothView\SmoothView.exe[1336] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 001F0804 .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[1336] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 001F01F8 .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[1336] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 001F0600 .text C:\Program Files\iPod\bin\iPodService.exe[1372] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 000E03FC .text C:\Program Files\iPod\bin\iPodService.exe[1372] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 000E01F8 .text C:\Program Files\iPod\bin\iPodService.exe[1372] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\iPod\bin\iPodService.exe[1372] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00100A08 .text C:\Program Files\iPod\bin\iPodService.exe[1372] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 001003FC .text C:\Program Files\iPod\bin\iPodService.exe[1372] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00100804 .text C:\Program Files\iPod\bin\iPodService.exe[1372] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 001001F8 .text C:\Program Files\iPod\bin\iPodService.exe[1372] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00100600 .text C:\Windows\system32\svchost.exe[1384] kernel32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Windows\system32\svchost.exe[1480] kernel32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1564] kernel32.dll!SetUnhandledExceptionFilter 775B30E2 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1564] kernel32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Windows\system32\taskeng.exe[1588] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[1588] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[1588] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text 
C:\Windows\system32\taskeng.exe[1588] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 000C0A08 .text C:\Windows\system32\taskeng.exe[1588] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 000C03FC .text C:\Windows\system32\taskeng.exe[1588] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 000C0804 .text C:\Windows\system32\taskeng.exe[1588] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 000C01F8 .text C:\Windows\system32\taskeng.exe[1588] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 000C0600 .text C:\Windows\System32\spoolsv.exe[1952] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 000E03FC .text C:\Windows\System32\spoolsv.exe[1952] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 000E01F8 .text C:\Windows\System32\spoolsv.exe[1952] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1952] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00100A08 .text C:\Windows\System32\spoolsv.exe[1952] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 001003FC .text C:\Windows\System32\spoolsv.exe[1952] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00100804 .text C:\Windows\System32\spoolsv.exe[1952] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 001001F8 .text C:\Windows\System32\spoolsv.exe[1952] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00100600 .text C:\Windows\system32\svchost.exe[1980] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 000E03FC .text C:\Windows\system32\svchost.exe[1980] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 000E01F8 .text C:\Windows\system32\svchost.exe[1980] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Windows\system32\svchost.exe[1980] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00110A08 .text C:\Windows\system32\svchost.exe[1980] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 001103FC .text C:\Windows\system32\svchost.exe[1980] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00110804 .text C:\Windows\system32\svchost.exe[1980] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 
001101F8 .text C:\Windows\system32\svchost.exe[1980] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00110600 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2052] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 001703FC .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2052] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 001701F8 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2052] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2052] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00190A08 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2052] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 001903FC .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2052] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00190804 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2052] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 001901F8 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2052] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00190600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2064] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 001803FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2064] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 001801F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2064] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2064] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 001A0A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2064] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 001A03FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2064] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 001A0804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2064] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 001A01F8 .text C:\Program Files\Common Files\Java\Java 
Update\jusched.exe[2064] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 001A0600 .text C:\Windows\System32\svchost.exe[2296] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 000E03FC .text C:\Windows\System32\svchost.exe[2296] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 000E01F8 .text C:\Windows\System32\svchost.exe[2296] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Windows\System32\svchost.exe[2296] user32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00110A08 .text C:\Windows\System32\svchost.exe[2296] user32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 001103FC .text C:\Windows\System32\svchost.exe[2296] user32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00110804 .text C:\Windows\System32\svchost.exe[2296] user32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 001101F8 .text C:\Windows\System32\svchost.exe[2296] user32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00110600 .text C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2628] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 001703FC .text C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2628] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 001701F8 .text C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2628] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2628] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00190A08 .text C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2628] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 001903FC .text C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2628] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00190804 .text C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2628] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 001901F8 .text C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2628] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00190600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtCreateFile + 6 
77B246B6 4 Bytes [28, 68, 75, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtCreateFile + B 77B246BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtMapViewOfSection + 6 77B24D16 4 Bytes [28, 6B, 75, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtMapViewOfSection + B 77B24D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenFile + 6 77B24DC6 4 Bytes [68, 68, 75, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenFile + B 77B24DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenProcess + 6 77B24E76 4 Bytes [A8, 69, 75, 00] {TEST AL, 0x69; JNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenProcess + B 77B24E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenProcessToken + 6 77B24E86 4 Bytes CALL 76B2C3F4 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenProcessToken + B 77B24E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenProcessTokenEx + 6 77B24E96 4 Bytes [A8, 6A, 75, 00] {TEST AL, 0x6a; JNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenProcessTokenEx + B 77B24E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenThread + 6 77B24EF6 4 Bytes [68, 69, 75, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenThread + B 77B24EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenThreadToken + 6 77B24F06 4 Bytes [68, 6A, 75, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] 
ntdll.dll!NtOpenThreadToken + B 77B24F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenThreadTokenEx + 6 77B24F16 4 Bytes CALL 76B2C485 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtOpenThreadTokenEx + B 77B24F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtQueryAttributesFile + 6 77B25026 4 Bytes [A8, 68, 75, 00] {TEST AL, 0x68; JNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtQueryAttributesFile + B 77B2502B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtQueryFullAttributesFile + 6 77B250D6 4 Bytes CALL 76B2C643 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtQueryFullAttributesFile + B 77B250DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtSetInformationFile + 6 77B25726 4 Bytes [28, 69, 75, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtSetInformationFile + B 77B2572B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtSetInformationThread + 6 77B25786 4 Bytes [28, 6A, 75, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtSetInformationThread + B 77B2578B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtUnmapViewOfSection + 6 77B25AA6 4 Bytes [68, 6B, 75, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!NtUnmapViewOfSection + B 77B25AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 007B03FC .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[2688] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 007B01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 007C0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 007C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 007C0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 007C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2688] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 007C0600 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2724] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 001E03FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2724] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 001E01F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2724] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2724] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00200A08 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2724] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 002003FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2724] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00200804 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2724] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 002001F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2724] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00200600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2748] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 000E03FC 
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2748] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 000E01F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2748] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2748] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00100A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2748] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 001003FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2748] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00100804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2748] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 001001F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2748] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00100600 .text C:\Program Files\Total Commander\TOTALCMD.EXE[2892] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 001703FC .text C:\Program Files\Total Commander\TOTALCMD.EXE[2892] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 001701F8 .text C:\Program Files\Total Commander\TOTALCMD.EXE[2892] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\Total Commander\TOTALCMD.EXE[2892] user32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00190A08 .text C:\Program Files\Total Commander\TOTALCMD.EXE[2892] user32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 001903FC .text C:\Program Files\Total Commander\TOTALCMD.EXE[2892] user32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00190804 .text C:\Program Files\Total Commander\TOTALCMD.EXE[2892] user32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 001901F8 .text C:\Program Files\Total Commander\TOTALCMD.EXE[2892] user32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00190600 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2952] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 000E03FC .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2952] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 
000E01F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2952] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2952] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00110A08 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2952] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 001103FC .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2952] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00110804 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2952] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 001101F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2952] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00110600 .text C:\Users\HashMan\Downloads\uz66bip1.exe[2972] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 001E03FC .text C:\Users\HashMan\Downloads\uz66bip1.exe[2972] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 001E01F8 .text C:\Users\HashMan\Downloads\uz66bip1.exe[2972] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Users\HashMan\Downloads\uz66bip1.exe[2972] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00210A08 .text C:\Users\HashMan\Downloads\uz66bip1.exe[2972] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 002103FC .text C:\Users\HashMan\Downloads\uz66bip1.exe[2972] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00210804 .text C:\Users\HashMan\Downloads\uz66bip1.exe[2972] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 002101F8 .text C:\Users\HashMan\Downloads\uz66bip1.exe[2972] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00210600 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2992] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 001F03FC .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2992] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 001F01F8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2992] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte 
[62] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2992] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00210A08 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2992] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 002103FC .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2992] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00210804 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2992] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 002101F8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2992] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00210600 .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3080] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 001E03FC .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3080] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 001E01F8 .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3080] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3080] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00200A08 .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3080] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 002003FC .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3080] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00200804 .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3080] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 002001F8 .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3080] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00200600 .text C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe[3180] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 001703FC .text C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe[3180] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 001701F8 .text C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe[3180] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe[3180] USER32.dll!UnhookWindowsHookEx 
75FDCC7B 5 Bytes JMP 00180A08 .text C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe[3180] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 001803FC .text C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe[3180] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00180804 .text C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe[3180] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 001801F8 .text C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe[3180] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00180600 .text C:\Windows\system32\LogonUI.exe[3320] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 000E03FC .text C:\Windows\system32\LogonUI.exe[3320] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 000E01F8 .text C:\Windows\system32\LogonUI.exe[3320] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Windows\system32\LogonUI.exe[3320] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 000F0A08 .text C:\Windows\system32\LogonUI.exe[3320] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 000F03FC .text C:\Windows\system32\LogonUI.exe[3320] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 000F0804 .text C:\Windows\system32\LogonUI.exe[3320] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 000F01F8 .text C:\Windows\system32\LogonUI.exe[3320] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 000F0600 .text C:\Windows\system32\atieclxx.exe[3340] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 001703FC .text C:\Windows\system32\atieclxx.exe[3340] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 001701F8 .text C:\Windows\system32\atieclxx.exe[3340] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Windows\system32\atieclxx.exe[3340] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 002F0A08 .text C:\Windows\system32\atieclxx.exe[3340] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 002F03FC .text C:\Windows\system32\atieclxx.exe[3340] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 002F0804 .text C:\Windows\system32\atieclxx.exe[3340] 
USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 002F01F8 .text C:\Windows\system32\atieclxx.exe[3340] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 002F0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtCreateFile + 6 77B246B6 4 Bytes CALL 5AB14737 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtCreateFile + B 77B246BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtMapViewOfSection + 6 77B24D16 4 Bytes [28, EB, 7C, 00] {SUB BL, CH; JL 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtMapViewOfSection + B 77B24D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtOpenFile + 6 77B24DC6 4 Bytes CALL 5AB14E47 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtOpenFile + B 77B24DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtOpenProcess + 6 77B24E76 4 Bytes JMP 5AB14EF7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtOpenProcess + B 77B24E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtOpenProcessToken + 6 77B24E86 4 Bytes CALL 76B2CB74 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtOpenProcessToken + B 77B24E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtOpenProcessTokenEx + 6 77B24E96 4 Bytes JMP E2FF007C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtOpenProcessTokenEx + B 77B24E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtOpenThread + 6 77B24EF6 4 Bytes JMP 5AB14F77 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtOpenThread + B 77B24EFB 1 Byte [E2] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtOpenThreadToken + 6 77B24F06 4 Bytes JMP E2FF007C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtOpenThreadToken + B 77B24F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtOpenThreadTokenEx + 6 77B24F16 4 Bytes CALL 76B2CC05 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtOpenThreadTokenEx + B 77B24F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtQueryAttributesFile + 6 77B25026 4 Bytes CALL 5AB150A7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtQueryAttributesFile + B 77B2502B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtQueryFullAttributesFile + 6 77B250D6 4 Bytes CALL 76B2CDC3 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtQueryFullAttributesFile + B 77B250DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtSetInformationFile + 6 77B25726 4 Bytes JMP 5AB157A7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtSetInformationFile + B 77B2572B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtSetInformationThread + 6 77B25786 4 Bytes JMP E2FF007C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtSetInformationThread + B 77B2578B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtUnmapViewOfSection + 6 77B25AA6 4 Bytes [68, EB, 7C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtUnmapViewOfSection + B 77B25AAB 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 008103FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 008101F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00820A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 008203FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00820804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 008201F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3396] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00820600 .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3472] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 001E03FC .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3472] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 001E01F8 .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3472] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3472] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3472] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 001F03FC .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3472] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 001F0804 .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3472] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 001F01F8 .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3472] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 001F0600 .text C:\Windows\system32\taskhost.exe[3504] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 000603FC 
.text C:\Windows\system32\taskhost.exe[3504] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 000601F8 .text C:\Windows\system32\taskhost.exe[3504] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Windows\system32\taskhost.exe[3504] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskhost.exe[3504] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 000703FC .text C:\Windows\system32\taskhost.exe[3504] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00070804 .text C:\Windows\system32\taskhost.exe[3504] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskhost.exe[3504] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00070600 .text C:\Windows\system32\Dwm.exe[3584] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 000703FC .text C:\Windows\system32\Dwm.exe[3584] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 000701F8 .text C:\Windows\system32\Dwm.exe[3584] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Windows\system32\Dwm.exe[3584] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00180A08 .text C:\Windows\system32\Dwm.exe[3584] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 001803FC .text C:\Windows\system32\Dwm.exe[3584] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00180804 .text C:\Windows\system32\Dwm.exe[3584] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 001801F8 .text C:\Windows\system32\Dwm.exe[3584] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00180600 .text C:\Windows\Explorer.EXE[3632] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 000E03FC .text C:\Windows\Explorer.EXE[3632] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 000E01F8 .text C:\Windows\Explorer.EXE[3632] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Windows\Explorer.EXE[3632] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00100A08 .text C:\Windows\Explorer.EXE[3632] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 001003FC .text C:\Windows\Explorer.EXE[3632] 
USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00100804 .text C:\Windows\Explorer.EXE[3632] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 001001F8 .text C:\Windows\Explorer.EXE[3632] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00100600 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3828] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 001E03FC .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3828] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 001E01F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3828] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3828] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00200A08 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3828] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 002003FC .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3828] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00200804 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3828] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 002001F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3828] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00200600 .text C:\Windows\system32\wuauclt.exe[3872] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 000C03FC .text C:\Windows\system32\wuauclt.exe[3872] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 000C01F8 .text C:\Windows\system32\wuauclt.exe[3872] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Windows\system32\wuauclt.exe[3872] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 000D0A08 .text C:\Windows\system32\wuauclt.exe[3872] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 000D03FC .text C:\Windows\system32\wuauclt.exe[3872] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 000D0804 .text C:\Windows\system32\wuauclt.exe[3872] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 000D01F8 .text 
C:\Windows\system32\wuauclt.exe[3872] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 000D0600 .text C:\Program Files\iTunes\iTunesHelper.exe[3892] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 000E03FC .text C:\Program Files\iTunes\iTunesHelper.exe[3892] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 000E01F8 .text C:\Program Files\iTunes\iTunesHelper.exe[3892] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\iTunes\iTunesHelper.exe[3892] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00200A08 .text C:\Program Files\iTunes\iTunesHelper.exe[3892] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 002003FC .text C:\Program Files\iTunes\iTunesHelper.exe[3892] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00200804 .text C:\Program Files\iTunes\iTunesHelper.exe[3892] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 002001F8 .text C:\Program Files\iTunes\iTunesHelper.exe[3892] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00200600 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4016] kernel32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[4148] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 000E03FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[4148] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 000E01F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[4148] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[4148] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 000F0A08 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[4148] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 000F03FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[4148] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 000F0804 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[4148] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 000F01F8 
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[4148] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 000F0600 .text C:\Windows\system32\SearchIndexer.exe[4484] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 000E03FC .text C:\Windows\system32\SearchIndexer.exe[4484] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 000E01F8 .text C:\Windows\system32\SearchIndexer.exe[4484] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[4484] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00140A08 .text C:\Windows\system32\SearchIndexer.exe[4484] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 001403FC .text C:\Windows\system32\SearchIndexer.exe[4484] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00140804 .text C:\Windows\system32\SearchIndexer.exe[4484] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 001401F8 .text C:\Windows\system32\SearchIndexer.exe[4484] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00140600 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4620] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 001E03FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4620] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 001E01F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4620] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4620] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00230A08 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4620] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 002303FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4620] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00230804 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4620] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 002301F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4620] USER32.dll!SetWindowsHookExA 76006DFA 5 
Bytes JMP 00230600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtCreateFile + 6 77B246B6 4 Bytes [28, 3C, EC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtCreateFile + B 77B246BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtMapViewOfSection + 6 77B24D16 4 Bytes [28, 3F, EC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtMapViewOfSection + B 77B24D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenFile + 6 77B24DC6 4 Bytes [68, 3C, EC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenFile + B 77B24DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenProcess + 6 77B24E76 4 Bytes [A8, 3D, EC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenProcess + B 77B24E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenProcessToken + B 77B24E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenProcessTokenEx + 6 77B24E96 4 Bytes [A8, 3E, EC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenProcessTokenEx + B 77B24E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenThread + 6 77B24EF6 4 Bytes [68, 3D, EC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenThread + B 77B24EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenThreadToken + 6 77B24F06 4 Bytes [68, 3E, EC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenThreadToken + B 77B24F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtOpenThreadTokenEx + B 77B24F1B 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtQueryAttributesFile + 6 77B25026 4 Bytes [A8, 3C, EC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtQueryAttributesFile + B 77B2502B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtQueryFullAttributesFile + B 77B250DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtSetInformationFile + 6 77B25726 4 Bytes [28, 3D, EC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtSetInformationFile + B 77B2572B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtSetInformationThread + 6 77B25786 4 Bytes [28, 3E, EC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtSetInformationThread + B 77B2578B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtUnmapViewOfSection + 6 77B25AA6 4 Bytes [68, 3F, EC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!NtUnmapViewOfSection + B 77B25AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 00F903FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 00F901F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00FB0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 00FB03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00FB0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 00FB01F8 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4708] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00FB0600 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4720] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 001E03FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4720] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 001E01F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4720] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4720] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4720] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 001F03FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4720] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 001F0804 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4720] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 001F01F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4720] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 001F0600 .text C:\Windows\system32\AUDIODG.EXE[4824] kernel32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtCreateFile + 6 77B246B6 4 Bytes [28, 0C, A5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtCreateFile + B 77B246BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtMapViewOfSection + 6 77B24D16 4 Bytes [28, 0F, A5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtMapViewOfSection + B 77B24D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtOpenFile + 6 77B24DC6 4 Bytes [68, 0C, A5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtOpenFile + B 77B24DCB 1 Byte [E2] 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtOpenProcess + 6 77B24E76 4 Bytes [A8, 0D, A5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtOpenProcess + B 77B24E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtOpenProcessToken + 6 77B24E86 4 Bytes CALL 76B2F398 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtOpenProcessToken + B 77B24E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtOpenProcessTokenEx + 6 77B24E96 4 Bytes [A8, 0E, A5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtOpenProcessTokenEx + B 77B24E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtOpenThread + 6 77B24EF6 4 Bytes [68, 0D, A5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtOpenThread + B 77B24EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtOpenThreadToken + 6 77B24F06 4 Bytes [68, 0E, A5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtOpenThreadToken + B 77B24F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtOpenThreadTokenEx + 6 77B24F16 4 Bytes CALL 76B2F429 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtOpenThreadTokenEx + B 77B24F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtQueryAttributesFile + 6 77B25026 4 Bytes [A8, 0C, A5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtQueryAttributesFile + B 77B2502B 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtQueryFullAttributesFile + 6 77B250D6 4 Bytes CALL 76B2F5E7 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtQueryFullAttributesFile + B 77B250DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtSetInformationFile + 6 77B25726 4 Bytes [28, 0D, A5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtSetInformationFile + B 77B2572B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtSetInformationThread + 6 77B25786 4 Bytes [28, 0E, A5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtSetInformationThread + B 77B2578B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtUnmapViewOfSection + 6 77B25AA6 4 Bytes [68, 0F, A5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!NtUnmapViewOfSection + B 77B25AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 00B203FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 00B201F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00C30A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 00C303FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00C30804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4864] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 00C301F8 .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[4864] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00C30600 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4884] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 001E03FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4884] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 001E01F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4884] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4884] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 003A0A08 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4884] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 003A03FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4884] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 003A0804 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4884] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 003A01F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4884] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 003A0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtCreateFile + 6 77B246B6 4 Bytes [28, 80, 23, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtCreateFile + B 77B246BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtMapViewOfSection + 6 77B24D16 4 Bytes [28, 83, 23, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtMapViewOfSection + B 77B24D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtOpenFile + 6 77B24DC6 4 Bytes [68, 80, 23, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtOpenFile + B 77B24DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtOpenProcess + 6 77B24E76 4 Bytes [A8, 
81, 23, 00] {TEST AL, 0x81; AND EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtOpenProcess + B 77B24E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtOpenProcessToken + 6 77B24E86 4 Bytes CALL 76B2720C C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtOpenProcessToken + B 77B24E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtOpenProcessTokenEx + 6 77B24E96 4 Bytes [A8, 82, 23, 00] {TEST AL, 0x82; AND EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtOpenProcessTokenEx + B 77B24E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtOpenThread + 6 77B24EF6 4 Bytes [68, 81, 23, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtOpenThread + B 77B24EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtOpenThreadToken + 6 77B24F06 4 Bytes [68, 82, 23, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtOpenThreadToken + B 77B24F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtOpenThreadTokenEx + 6 77B24F16 4 Bytes CALL 76B2729D C:\Windows\system32\SHELL32.dll (Wsp鏊na biblioteka DLL Pow這ki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtOpenThreadTokenEx + B 77B24F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtQueryAttributesFile + 6 77B25026 4 Bytes [A8, 80, 23, 00] {TEST AL, 0x80; AND EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtQueryAttributesFile + B 77B2502B 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtQueryFullAttributesFile + 6 77B250D6 4 Bytes CALL 76B2745B C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtQueryFullAttributesFile + B 77B250DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtSetInformationFile + 6 77B25726 4 Bytes [28, 81, 23, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtSetInformationFile + B 77B2572B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtSetInformationThread + 6 77B25786 4 Bytes [28, 82, 23, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtSetInformationThread + B 77B2578B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtUnmapViewOfSection + 6 77B25AA6 4 Bytes [68, 83, 23, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtUnmapViewOfSection + B 77B25AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 003103FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 003101F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00320A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 003203FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00320804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4900] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 003201F8 .text C:\Program
Files\Google\Chrome\Application\chrome.exe[4900] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00320600 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4976] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 001E03FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4976] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 001E01F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4976] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4976] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 002C0A08 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4976] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 002C03FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4976] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 002C0804 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4976] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 002C01F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4976] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 002C0600 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[5160] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 001E03FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[5160] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 001E01F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[5160] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[5160] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00230A08 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[5160] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 002303FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[5160] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00230804 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[5160] 
USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 002301F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[5160] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00230600 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe[5296] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 001E03FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe[5296] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 001E01F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe[5296] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe[5296] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe[5296] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 001F03FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe[5296] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 001F0804 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe[5296] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 001F01F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe[5296] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 001F0600 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5592] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 001703FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5592] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 001701F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5592] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5592] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00180A08 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5592] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 001803FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5592] USER32.dll!SetWindowsHookExW 75FE210A 5 
Bytes JMP 00180804 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5592] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 001801F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5592] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00180600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5728] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 000703FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5728] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 000701F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5728] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5728] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 00080A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5728] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 000803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5728] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 00080804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5728] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 000801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5728] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 00080600 .text C:\Windows\System32\svchost.exe[6064] ntdll.dll!LdrUnloadDll 77B3BD1F 5 Bytes JMP 000B03FC .text C:\Windows\System32\svchost.exe[6064] ntdll.dll!LdrLoadDll 77B3F425 5 Bytes JMP 000B01F8 .text C:\Windows\System32\svchost.exe[6064] KERNEL32.dll!GetBinaryTypeW + 70 775C78FC 1 Byte [62] .text C:\Windows\System32\svchost.exe[6064] USER32.dll!UnhookWindowsHookEx 75FDCC7B 5 Bytes JMP 000D0A08 .text C:\Windows\System32\svchost.exe[6064] USER32.dll!UnhookWinEvent 75FDD924 5 Bytes JMP 000D03FC .text C:\Windows\System32\svchost.exe[6064] USER32.dll!SetWindowsHookExW 75FE210A 5 Bytes JMP 000D0804 .text C:\Windows\System32\svchost.exe[6064] USER32.dll!SetWinEventHook 75FE507E 5 Bytes JMP 000D01F8 .text 
C:\Windows\System32\svchost.exe[6064] USER32.dll!SetWindowsHookExA 76006DFA 5 Bytes JMP 000D0600 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1564] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [730EF6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[4016] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [730EF6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) Device \Driver\ACPI_HAL \Device\00000048 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00037a9560be Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00037a9560be@001dd8938498 0x4B 0xE4 0x60 0x11 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00037a9560be (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00037a9560be@001dd8938498 0x4B 0xE4 0x60 0x11 ... ---- EOF - GMER 1.0.15 ----