GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2013-01-03 12:47:46
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEKT-22KA9T0 rev.01.01A01
Running: sv0iuwpm.exe; Driver: C:\Users\Magda\AppData\Local\Temp\pwlirfow.sys

---- System - GMER 1.0.15 ----

SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwAddBootEntry [0x8DE214BA]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwAllocateVirtualMemory [0x8E20DC22]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwAssignProcessToJobObject [0x8DE21ED6]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateEvent [0x8DE2CFA8]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateEventPair [0x8DE2CFF4]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateIoCompletion [0x8DE2D176]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateMutant [0x8DE2CF16]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwCreateSection [0x8E20DFA6]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateSemaphore [0x8DE2CF5E]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateThread [0x8DE2211C]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateTimer [0x8DE2D130]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwDebugActiveProcess [0x8DE2293E]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwDeleteBootEntry [0x8DE21508]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwFreeVirtualMemory [0x8E20DCEA]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwLoadDriver [0x8E20C3EC]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwModifyBootEntry [0x8DE21556]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwNotifyChangeKey [0x8DE26534]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwNotifyChangeMultipleKeys [0x8DE233A6]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenEvent [0x8DE2CFD2]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenEventPair [0x8DE2D016]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenIoCompletion [0x8DE2D19A]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenMutant [0x8DE2CF3C]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenSection [0x8DE2D0BA]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenSemaphore [0x8DE2CF86]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenTimer [0x8DE2D154]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwProtectVirtualMemory [0x8E20DE4A]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwQueryObject [0x8DE23272]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwQueueApcThread [0x8DE22DD4]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetBootEntryOrder [0x8DE215A4]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetBootOptions [0x8DE215F2]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetContextThread [0x8DE227BE]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetSystemInformation [0x8DE211FA]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetSystemPowerState [0x8DE213AA]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwShutdownSystem [0x8DE21350]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSuspendProcess [0x8DE22AF8]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSuspendThread [0x8DE22C54]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSystemDebugControl [0x8DE2141A]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwTerminateProcess [0x8E20DEFE]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwTerminateThread [0x8DE22636]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwUnloadDriver [0x8E20C41C]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwVdmControl [0x8DE21640]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwWriteVirtualMemory [0x8E20DD96]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateThreadEx [0x8DE222F4]

Code  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwCreateProcessEx [0x8E226E56]
Code  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ObInsertObject
Code  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!KeSetEvent + 10D  82CE97D0 4 Bytes  [BA, 14, E2, 8D]
.text  ntkrnlpa.exe!KeSetEvent + 131  82CE97F4 4 Bytes  [22, DC, 20, 8E]
.text  ntkrnlpa.exe!KeSetEvent + 191  82CE9854 4 Bytes  [D6, 1E, E2, 8D] {SALC ; PUSH DS; LOOP 0xffffffffffffff91}
.text  ntkrnlpa.exe!KeSetEvent + 1D1  82CE9894 8 Bytes  [A8, CF, E2, 8D, F4, CF, E2, ...] {TEST AL, 0xcf; LOOP 0xffffffffffffff91; HLT ; IRET ; LOOP 0xffffffffffffff95}
.text  ntkrnlpa.exe!KeSetEvent + 1DE  82CE98A1 3 Bytes  [D1, E2, 8D]
.text  ...
PAGE  ntkrnlpa.exe!ObMakeTemporaryObject  82E14633 5 Bytes  JMP 8E223CF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE  ntkrnlpa.exe!ObInsertObject  82E6D593 5 Bytes  JMP 8E225810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE  ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110  82E76EB8 4 Bytes  CALL 8DE23A8D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE  ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121  82E7AB2C 4 Bytes  CALL 8DE23AA3 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE  ntkrnlpa.exe!ZwCreateProcessEx  82ECEE8C 7 Bytes  JMP 8E226E5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
?  System32\drivers\sxppwthn.sys  The system cannot find the path specified. !
.text  ntdll.dll!LdrLoadDll  77259378 5 Bytes  [E9, 7B, 6E, F0, 88] {JMP 0xffffffff88f06e80}
.text  ntdll.dll!LdrUnloadDll  7726B680 5 Bytes  [E9, 77, 4D, EF, 88] {JMP 0xffffffff88ef4d7c}

---- User code sections - GMER 1.0.15 ----

.text  C:\Windows\system32\taskeng.exe[372] kernel32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ntdll.dll!LdrLoadDll  77259378 5 Bytes  JMP 00B401F8
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ntdll.dll!LdrUnloadDll  7726B680 5 Bytes  JMP 00B403FC
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ntdll.dll!NtCreateFile + 6  7729424A 4 Bytes  [28, 3C, AE, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ntdll.dll!NtCreateFile + B  7729424F 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ntdll.dll!NtMapViewOfSection + 6  7729499A 4 Bytes  [28, 3F, AE, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ntdll.dll!NtMapViewOfSection + B  7729499F 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ntdll.dll!NtOpenFile + 6  77294A2A 4 Bytes  [68, 3C, AE, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ntdll.dll!NtOpenFile + B  77294A2F 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ntdll.dll!NtOpenProcess + 6  77294AAA 4 Bytes  [A8, 3D, AE, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ntdll.dll!NtOpenProcess + B  77294AAF 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ntdll.dll!NtOpenProcessToken + 6  77294ABA 4 Bytes  CALL 7629F8FC C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ntdll.dll!NtOpenProcessToken + B  77294ABF 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ntdll.dll!NtOpenProcessTokenEx + 6  77294ACA 4 Bytes  [A8, 3E, AE, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ntdll.dll!NtOpenProcessTokenEx + B  77294ACF 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ntdll.dll!NtOpenThread + 6  77294B1A 4 Bytes  [68, 3D, AE, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ntdll.dll!NtOpenThread + B  77294B1F 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ntdll.dll!NtOpenThreadToken + 6  77294B2A 4 Bytes  [68, 3E, AE, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ntdll.dll!NtOpenThreadToken + B  77294B2F 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ntdll.dll!NtOpenThreadTokenEx + 6  77294B3A 4 Bytes  CALL 7629F97D C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ntdll.dll!NtOpenThreadTokenEx + B  77294B3F 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ntdll.dll!NtQueryAttributesFile + 6  77294BCA 4 Bytes  [A8, 3C, AE, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ntdll.dll!NtQueryAttributesFile + B  77294BCF 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ntdll.dll!NtQueryFullAttributesFile + 6  77294C7A 4 Bytes  CALL 7629FABB C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ntdll.dll!NtQueryFullAttributesFile + B  77294C7F 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ntdll.dll!NtSetInformationFile + 6  7729515A 4 Bytes  [28, 3D, AE, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ntdll.dll!NtSetInformationFile + B  7729515F 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ntdll.dll!NtSetInformationThread + 6  772951AA 4 Bytes  [28, 3E, AE, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ntdll.dll!NtSetInformationThread + B  772951AF 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ntdll.dll!NtUnmapViewOfSection + 6  7729544A 4 Bytes  [68, 3F, AE, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ntdll.dll!NtUnmapViewOfSection + B  7729544F 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] KERNEL32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] USER32.dll!SetWindowsHookExA  76966322 5 Bytes  JMP 00B50600
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] USER32.dll!SetWindowsHookExW  769687AD 5 Bytes  JMP 00B50804
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] USER32.dll!UnhookWindowsHookEx  769698DB 5 Bytes  JMP 00B50A08
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] USER32.dll!SetWinEventHook  76969F3A 5 Bytes  JMP 00B501F8
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] USER32.dll!UnhookWinEvent  7696C06F 5 Bytes  JMP 00B503FC
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ADVAPI32.dll!CreateServiceW  76D09EB4 5 Bytes  JMP 00B603FC
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ADVAPI32.dll!DeleteService  76D0A07E 5 Bytes  JMP 00B60600
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ADVAPI32.dll!SetServiceObjectSecurity  76D46CD9 5 Bytes  JMP 00B61014
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ADVAPI32.dll!ChangeServiceConfigA  76D46DD9 5 Bytes  JMP 00B60804
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ADVAPI32.dll!ChangeServiceConfigW  76D46F81 5 Bytes  JMP 00B60A08
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ADVAPI32.dll!ChangeServiceConfig2A  76D47099 5 Bytes  JMP 00B60C0C
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ADVAPI32.dll!ChangeServiceConfig2W  76D471E1 5 Bytes  JMP 00B60E10
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[504] ADVAPI32.dll!CreateServiceA  76D472A1 5 Bytes  JMP 00B601F8
.text  C:\Windows\system32\svchost.exe[516] kernel32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Windows\system32\csrss.exe[564] KERNEL32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Windows\system32\wininit.exe[620] kernel32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Windows\system32\csrss.exe[632] KERNEL32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Windows\system32\services.exe[664] kernel32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
?  C:\Windows\system32\services.exe[664] C:\Windows\system32\smss.exe  image checksum mismatch; time/date stamp mismatch; unknown module: MSWSOCK.dll
.text  C:\Windows\system32\lsass.exe[680] kernel32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Windows\system32\lsm.exe[688] kernel32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Windows\system32\winlogon.exe[732] kernel32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Windows\system32\svchost.exe[872] kernel32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ntdll.dll!LdrLoadDll  77259378 5 Bytes  JMP 00C201F8
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ntdll.dll!LdrUnloadDll  7726B680 5 Bytes  JMP 00C203FC
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ntdll.dll!NtCreateFile + 6  7729424A 4 Bytes  [28, B8, BC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ntdll.dll!NtCreateFile + B  7729424F 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ntdll.dll!NtMapViewOfSection + 6  7729499A 4 Bytes  [28, BB, BC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ntdll.dll!NtMapViewOfSection + B  7729499F 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ntdll.dll!NtOpenFile + 6  77294A2A 4 Bytes  [68, B8, BC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ntdll.dll!NtOpenFile + B  77294A2F 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ntdll.dll!NtOpenProcess + 6  77294AAA 4 Bytes  [A8, B9, BC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ntdll.dll!NtOpenProcess + B  77294AAF 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ntdll.dll!NtOpenProcessToken + 6  77294ABA 4 Bytes  CALL 762A0778 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ntdll.dll!NtOpenProcessToken + B  77294ABF 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ntdll.dll!NtOpenProcessTokenEx + 6  77294ACA 4 Bytes  [A8, BA, BC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ntdll.dll!NtOpenProcessTokenEx + B  77294ACF 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ntdll.dll!NtOpenThread + 6  77294B1A 4 Bytes  [68, B9, BC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ntdll.dll!NtOpenThread + B  77294B1F 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ntdll.dll!NtOpenThreadToken + 6  77294B2A 4 Bytes  [68, BA, BC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ntdll.dll!NtOpenThreadToken + B  77294B2F 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ntdll.dll!NtOpenThreadTokenEx + 6  77294B3A 4 Bytes  CALL 762A07F9 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ntdll.dll!NtOpenThreadTokenEx + B  77294B3F 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ntdll.dll!NtQueryAttributesFile + 6  77294BCA 4 Bytes  [A8, B8, BC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ntdll.dll!NtQueryAttributesFile + B  77294BCF 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ntdll.dll!NtQueryFullAttributesFile + 6  77294C7A 4 Bytes  CALL 762A0937 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ntdll.dll!NtQueryFullAttributesFile + B  77294C7F 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ntdll.dll!NtSetInformationFile + 6  7729515A 4 Bytes  [28, B9, BC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ntdll.dll!NtSetInformationFile + B  7729515F 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ntdll.dll!NtSetInformationThread + 6  772951AA 4 Bytes  [28, BA, BC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ntdll.dll!NtSetInformationThread + B  772951AF 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ntdll.dll!NtUnmapViewOfSection + 6  7729544A 4 Bytes  [68, BB, BC, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ntdll.dll!NtUnmapViewOfSection + B  7729544F 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] KERNEL32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] USER32.dll!SetWindowsHookExA  76966322 5 Bytes  JMP 00C30600
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] USER32.dll!SetWindowsHookExW  769687AD 5 Bytes  JMP 00C30804
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] USER32.dll!UnhookWindowsHookEx  769698DB 5 Bytes  JMP 00C30A08
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] USER32.dll!SetWinEventHook  76969F3A 5 Bytes  JMP 00C301F8
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] USER32.dll!UnhookWinEvent  7696C06F 5 Bytes  JMP 00C303FC
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ADVAPI32.dll!CreateServiceW  76D09EB4 5 Bytes  JMP 00C403FC
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ADVAPI32.dll!DeleteService  76D0A07E 5 Bytes  JMP 00C40600
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ADVAPI32.dll!SetServiceObjectSecurity  76D46CD9 5 Bytes  JMP 00C41014
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ADVAPI32.dll!ChangeServiceConfigA  76D46DD9 5 Bytes  JMP 00C40804
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ADVAPI32.dll!ChangeServiceConfigW  76D46F81 5 Bytes  JMP 00C40A08
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ADVAPI32.dll!ChangeServiceConfig2A  76D47099 5 Bytes  JMP 00C40C0C
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ADVAPI32.dll!ChangeServiceConfig2W  76D471E1 5 Bytes  JMP 00C40E10
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[880] ADVAPI32.dll!CreateServiceA  76D472A1 5 Bytes  JMP 00C401F8
.text  C:\Windows\system32\svchost.exe[956] kernel32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Windows\system32\Ati2evxx.exe[980] kernel32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Windows\System32\svchost.exe[1064] kernel32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Windows\System32\svchost.exe[1096] kernel32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Windows\system32\svchost.exe[1140] kernel32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  ...
.text  C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1708] kernel32.dll!SetUnhandledExceptionFilter  76FFA8C5 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text  C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1708] kernel32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1724] kernel32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Windows\system32\Dwm.exe[1744] kernel32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Windows\Explorer.EXE[1760] kernel32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Windows\system32\lxdxcoms.exe[1772] kernel32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  ...
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2136] ntdll.dll!LdrLoadDll  77259378 5 Bytes  JMP 001701F8
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2136] ntdll.dll!LdrUnloadDll  7726B680 5 Bytes  JMP 001703FC
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2136] KERNEL32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2136] USER32.dll!SetWindowsHookExA  76966322 5 Bytes  JMP 00010600
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2136] USER32.dll!SetWindowsHookExW  769687AD 5 Bytes  JMP 00010804
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2136] USER32.dll!UnhookWindowsHookEx  769698DB 5 Bytes  JMP 00010A08
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2136] USER32.dll!SetWinEventHook  76969F3A 5 Bytes  JMP 000101F8
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2136] USER32.dll!UnhookWinEvent  7696C06F 5 Bytes  JMP 000103FC
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2136] ADVAPI32.dll!CreateServiceW  76D09EB4 5 Bytes  JMP 001803FC
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2136] ADVAPI32.dll!DeleteService  76D0A07E 5 Bytes  JMP 00180600
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2136] ADVAPI32.dll!SetServiceObjectSecurity  76D46CD9 5 Bytes  JMP 00181014
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2136] ADVAPI32.dll!ChangeServiceConfigA  76D46DD9 5 Bytes  JMP 00180804
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2136] ADVAPI32.dll!ChangeServiceConfigW  76D46F81 5 Bytes  JMP 00180A08
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2136] ADVAPI32.dll!ChangeServiceConfig2A  76D47099 5 Bytes  JMP 00180C0C
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2136] ADVAPI32.dll!ChangeServiceConfig2W  76D471E1 5 Bytes  JMP 00180E10
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2136] ADVAPI32.dll!CreateServiceA  76D472A1 5 Bytes  JMP 001801F8
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[2184] KERNEL32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!LdrLoadDll  77259378 5 Bytes  JMP 009801F8
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!LdrUnloadDll  7726B680 5 Bytes  JMP 009803FC
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtCreateFile + 6  7729424A 4 Bytes  [28, 90, 8E, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtCreateFile + B  7729424F 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtMapViewOfSection + 6  7729499A 4 Bytes  [28, 93, 8E, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtMapViewOfSection + B  7729499F 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenFile + 6  77294A2A 4 Bytes  [68, 90, 8E, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenFile + B  77294A2F 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenProcess + 6  77294AAA 4 Bytes  [A8, 91, 8E, 00] {TEST AL, 0x91; MOV ES, [EAX]}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenProcess + B  77294AAF 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenProcessToken + 6  77294ABA 4 Bytes  CALL 7629D950 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenProcessToken + B  77294ABF 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenProcessTokenEx + 6  77294ACA 4 Bytes  [A8, 92, 8E, 00] {TEST AL, 0x92; MOV ES, [EAX]}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenProcessTokenEx + B  77294ACF 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenThread + 6  77294B1A 4 Bytes  [68, 91, 8E, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenThread + B  77294B1F 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenThreadToken + 6  77294B2A 4 Bytes  [68, 92, 8E, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenThreadToken + B  77294B2F 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenThreadTokenEx + 6  77294B3A 4 Bytes  CALL 7629D9D1 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtOpenThreadTokenEx + B  77294B3F 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtQueryAttributesFile + 6  77294BCA 4 Bytes  [A8, 90, 8E, 00] {TEST AL, 0x90; MOV ES, [EAX]}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtQueryAttributesFile + B  77294BCF 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtQueryFullAttributesFile + 6  77294C7A 4 Bytes  CALL 7629DB0F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtQueryFullAttributesFile + B  77294C7F 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtSetInformationFile + 6  7729515A 4 Bytes  [28, 91, 8E, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtSetInformationFile + B  7729515F 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtSetInformationThread + 6  772951AA 4 Bytes  [28, 92, 8E, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtSetInformationThread + B  772951AF 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtUnmapViewOfSection + 6  7729544A 4 Bytes  [68, 93, 8E, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ntdll.dll!NtUnmapViewOfSection + B  7729544F 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] KERNEL32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] USER32.dll!SetWindowsHookExA  76966322 5 Bytes  JMP 00990600
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] USER32.dll!SetWindowsHookExW  769687AD 5 Bytes  JMP 00990804
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] USER32.dll!UnhookWindowsHookEx  769698DB 5 Bytes  JMP 00990A08
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] USER32.dll!SetWinEventHook  76969F3A 5 Bytes  JMP 009901F8
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] USER32.dll!UnhookWinEvent  7696C06F 5 Bytes  JMP 009903FC
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ADVAPI32.dll!CreateServiceW  76D09EB4 5 Bytes  JMP 009A03FC
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ADVAPI32.dll!DeleteService  76D0A07E 5 Bytes  JMP 009A0600
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ADVAPI32.dll!SetServiceObjectSecurity  76D46CD9 5 Bytes  JMP 009A1014
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ADVAPI32.dll!ChangeServiceConfigA  76D46DD9 5 Bytes  JMP 009A0804
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ADVAPI32.dll!ChangeServiceConfigW  76D46F81 5 Bytes  JMP 009A0A08
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ADVAPI32.dll!ChangeServiceConfig2A  76D47099 5 Bytes  JMP 009A0C0C
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ADVAPI32.dll!ChangeServiceConfig2W  76D471E1 5 Bytes  JMP 009A0E10
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2236] ADVAPI32.dll!CreateServiceA  76D472A1 5 Bytes  JMP 009A01F8
.text  C:\Windows\system32\svchost.exe[2244] kernel32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2280] kernel32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Windows\system32\SearchIndexer.exe[2324] kernel32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe[2404] kernel32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Windows\system32\DRIVERS\xaudio.exe[2444] kernel32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  ...
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!LdrLoadDll  77259378 5 Bytes  JMP 001601F8
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!LdrUnloadDll  7726B680 5 Bytes  JMP 001603FC
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2484] KERNEL32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2484] USER32.dll!SetWindowsHookExA  76966322 5 Bytes  JMP 00170600
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2484] USER32.dll!SetWindowsHookExW  769687AD 5 Bytes  JMP 00170804
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2484] USER32.dll!UnhookWindowsHookEx  769698DB 5 Bytes  JMP 00170A08
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2484] USER32.dll!SetWinEventHook  76969F3A 5 Bytes  JMP 001701F8
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2484] USER32.dll!UnhookWinEvent  7696C06F 5 Bytes  JMP 001703FC
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ADVAPI32.dll!CreateServiceW  76D09EB4 5 Bytes  JMP 001803FC
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ADVAPI32.dll!DeleteService  76D0A07E 5 Bytes  JMP 00180600
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ADVAPI32.dll!SetServiceObjectSecurity  76D46CD9 5 Bytes  JMP 00181014
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ADVAPI32.dll!ChangeServiceConfigA  76D46DD9 5 Bytes  JMP 00180804
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ADVAPI32.dll!ChangeServiceConfigW  76D46F81 5 Bytes  JMP 00180A08
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ADVAPI32.dll!ChangeServiceConfig2A  76D47099 5 Bytes  JMP 00180C0C
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ADVAPI32.dll!ChangeServiceConfig2W  76D471E1 5 Bytes  JMP 00180E10
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ADVAPI32.dll!CreateServiceA  76D472A1 5 Bytes  JMP 001801F8
.text  C:\Program Files\Windows Sidebar\sidebar.exe[2504] kernel32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Windows\system32\wbem\wmiprvse.exe[2588] ntdll.dll!LdrLoadDll  77259378 5 Bytes  JMP 000A01F8
.text  C:\Windows\system32\wbem\wmiprvse.exe[2588] ntdll.dll!LdrUnloadDll  7726B680 5 Bytes  JMP 000A03FC
.text  C:\Windows\system32\wbem\wmiprvse.exe[2588] KERNEL32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Windows\system32\wbem\wmiprvse.exe[2588] ADVAPI32.dll!CreateServiceW  76D09EB4 5 Bytes  JMP 000B03FC
.text  C:\Windows\system32\wbem\wmiprvse.exe[2588] ADVAPI32.dll!DeleteService  76D0A07E 5 Bytes  JMP 000B0600
.text  C:\Windows\system32\wbem\wmiprvse.exe[2588] ADVAPI32.dll!SetServiceObjectSecurity  76D46CD9 5 Bytes  JMP 000B1014
.text  C:\Windows\system32\wbem\wmiprvse.exe[2588] ADVAPI32.dll!ChangeServiceConfigA  76D46DD9 5 Bytes  JMP 000B0804
.text  C:\Windows\system32\wbem\wmiprvse.exe[2588] ADVAPI32.dll!ChangeServiceConfigW  76D46F81 5 Bytes  JMP 000B0A08
.text  C:\Windows\system32\wbem\wmiprvse.exe[2588] ADVAPI32.dll!ChangeServiceConfig2A  76D47099 5 Bytes  JMP 000B0C0C
.text  C:\Windows\system32\wbem\wmiprvse.exe[2588] ADVAPI32.dll!ChangeServiceConfig2W  76D471E1 5 Bytes  JMP 000B0E10
.text  C:\Windows\system32\wbem\wmiprvse.exe[2588] ADVAPI32.dll!CreateServiceA  76D472A1 5 Bytes  JMP 000B01F8
.text  C:\Windows\system32\wbem\wmiprvse.exe[2588] USER32.dll!SetWindowsHookExA  76966322 5 Bytes  JMP 000C0600
.text  C:\Windows\system32\wbem\wmiprvse.exe[2588] USER32.dll!SetWindowsHookExW  769687AD 5 Bytes  JMP 000C0804
.text  C:\Windows\system32\wbem\wmiprvse.exe[2588] USER32.dll!UnhookWindowsHookEx  769698DB 5 Bytes  JMP 000C0A08
.text  C:\Windows\system32\wbem\wmiprvse.exe[2588] USER32.dll!SetWinEventHook  76969F3A 5 Bytes  JMP 000C01F8
.text  C:\Windows\system32\wbem\wmiprvse.exe[2588] USER32.dll!UnhookWinEvent  7696C06F 5 Bytes  JMP 000C03FC
.text  C:\Windows\ehome\ehtray.exe[2608] kernel32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe[2636] KERNEL32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Windows\system32\wbem\unsecapp.exe[2716] ntdll.dll!LdrLoadDll  77259378 5 Bytes  JMP 000601F8
.text  C:\Windows\system32\wbem\unsecapp.exe[2716] ntdll.dll!LdrUnloadDll  7726B680 5 Bytes  JMP 000603FC
.text  C:\Windows\system32\wbem\unsecapp.exe[2716] KERNEL32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Windows\system32\wbem\unsecapp.exe[2716] ADVAPI32.dll!CreateServiceW  76D09EB4 5 Bytes  JMP 000703FC
.text  C:\Windows\system32\wbem\unsecapp.exe[2716] ADVAPI32.dll!DeleteService  76D0A07E 5 Bytes  JMP 00070600
.text  C:\Windows\system32\wbem\unsecapp.exe[2716] ADVAPI32.dll!SetServiceObjectSecurity  76D46CD9 5 Bytes  JMP 00071014
.text  C:\Windows\system32\wbem\unsecapp.exe[2716] ADVAPI32.dll!ChangeServiceConfigA  76D46DD9 5 Bytes  JMP 00070804
.text  C:\Windows\system32\wbem\unsecapp.exe[2716] ADVAPI32.dll!ChangeServiceConfigW  76D46F81 5 Bytes  JMP 00070A08
.text  C:\Windows\system32\wbem\unsecapp.exe[2716] ADVAPI32.dll!ChangeServiceConfig2A  76D47099 5 Bytes  JMP 00070C0C
.text  C:\Windows\system32\wbem\unsecapp.exe[2716] ADVAPI32.dll!ChangeServiceConfig2W  76D471E1 5 Bytes  JMP 00070E10
.text  C:\Windows\system32\wbem\unsecapp.exe[2716] ADVAPI32.dll!CreateServiceA  76D472A1 5 Bytes  JMP 000701F8
.text  C:\Windows\system32\wbem\unsecapp.exe[2716] USER32.dll!SetWindowsHookExA  76966322 5 Bytes  JMP 00080600
.text  C:\Windows\system32\wbem\unsecapp.exe[2716] USER32.dll!SetWindowsHookExW  769687AD 5 Bytes  JMP 00080804
.text  C:\Windows\system32\wbem\unsecapp.exe[2716] USER32.dll!UnhookWindowsHookEx  769698DB 5 Bytes  JMP 00080A08
.text  C:\Windows\system32\wbem\unsecapp.exe[2716] USER32.dll!SetWinEventHook  76969F3A 5 Bytes  JMP 000801F8
.text  C:\Windows\system32\wbem\unsecapp.exe[2716] USER32.dll!UnhookWinEvent  7696C06F 5 Bytes  JMP 000803FC
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2720] kernel32.dll!GetBinaryTypeW + 70  77022467 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!LdrLoadDll  77259378 5 Bytes  JMP 010C01F8
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!LdrUnloadDll  7726B680 5 Bytes  JMP 010C03FC
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtCreateFile + 6  7729424A 4 Bytes  [28, 34, 06, 01]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtCreateFile + B  7729424F 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtMapViewOfSection + 6  7729499A 4 Bytes  [28, 37, 06, 01]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtMapViewOfSection + B  7729499F 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenFile + 6  77294A2A 4 Bytes  [68, 34, 06, 01]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenFile + B  77294A2F 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenProcess + 6  77294AAA 4 Bytes  [A8, 35, 06, 01]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenProcess + B  77294AAF 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenProcessToken + 6  77294ABA 4 Bytes  CALL 762A50F4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenProcessToken + B  77294ABF 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenProcessTokenEx + 6  77294ACA 4 Bytes  [A8, 36, 06, 01]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenProcessTokenEx + B  77294ACF 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenThread + 6  77294B1A 4 Bytes  [68, 35, 06, 01]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenThread +
B 77294B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenThreadToken + 6 77294B2A 4 Bytes [68, 36, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenThreadToken + B 77294B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenThreadTokenEx + 6 77294B3A 4 Bytes CALL 762A5175 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtOpenThreadTokenEx + B 77294B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtQueryAttributesFile + 6 77294BCA 4 Bytes [A8, 34, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtQueryAttributesFile + B 77294BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtQueryFullAttributesFile + 6 77294C7A 4 Bytes CALL 762A52B3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtQueryFullAttributesFile + B 77294C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtSetInformationFile + 6 7729515A 4 Bytes [28, 35, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtSetInformationFile + B 7729515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtSetInformationThread + 6 772951AA 4 Bytes [28, 36, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtSetInformationThread + B 772951AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtUnmapViewOfSection + 6 7729544A 4 Bytes [68, 37, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ntdll.dll!NtUnmapViewOfSection + B 7729544F 1 Byte [E2] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[2728] KERNEL32.dll!GetBinaryTypeW + 70 77022467 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] USER32.dll!SetWindowsHookExA 76966322 5 Bytes JMP 010D0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] USER32.dll!SetWindowsHookExW 769687AD 5 Bytes JMP 010D0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] USER32.dll!UnhookWindowsHookEx 769698DB 5 Bytes JMP 010D0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] USER32.dll!SetWinEventHook 76969F3A 5 Bytes JMP 010D01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] USER32.dll!UnhookWinEvent 7696C06F 5 Bytes JMP 010D03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 010E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 010E0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 010E1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 010E0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 010E0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 010E0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 010E0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2728] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 010E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!LdrLoadDll 77259378 5 Bytes JMP 00B801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!LdrUnloadDll 7726B680 5 Bytes JMP 00B803FC 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtCreateFile + 6 7729424A 4 Bytes [28, 70, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtCreateFile + B 7729424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtMapViewOfSection + 6 7729499A 4 Bytes [28, 73, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtMapViewOfSection + B 7729499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenFile + 6 77294A2A 4 Bytes [68, 70, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenFile + B 77294A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenProcess + 6 77294AAA 4 Bytes [A8, 71, B3, 00] {TEST AL, 0x71; MOV BL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenProcess + B 77294AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenProcessToken + 6 77294ABA 4 Bytes CALL 7629FE30 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenProcessToken + B 77294ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenProcessTokenEx + 6 77294ACA 4 Bytes [A8, 72, B3, 00] {TEST AL, 0x72; MOV BL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenProcessTokenEx + B 77294ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenThread + 6 77294B1A 4 Bytes [68, 71, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenThread + B 77294B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenThreadToken + 6 77294B2A 4 Bytes [68, 72, B3, 00] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenThreadToken + B 77294B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenThreadTokenEx + 6 77294B3A 4 Bytes CALL 7629FEB1 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtOpenThreadTokenEx + B 77294B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtQueryAttributesFile + 6 77294BCA 4 Bytes [A8, 70, B3, 00] {TEST AL, 0x70; MOV BL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtQueryAttributesFile + B 77294BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtQueryFullAttributesFile + 6 77294C7A 4 Bytes CALL 7629FFEF C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtQueryFullAttributesFile + B 77294C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtSetInformationFile + 6 7729515A 4 Bytes [28, 71, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtSetInformationFile + B 7729515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtSetInformationThread + 6 772951AA 4 Bytes [28, 72, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtSetInformationThread + B 772951AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtUnmapViewOfSection + 6 7729544A 4 Bytes [68, 73, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ntdll.dll!NtUnmapViewOfSection + B 7729544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] KERNEL32.dll!GetBinaryTypeW + 70 77022467 1 Byte [62] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[2768] USER32.dll!SetWindowsHookExA 76966322 5 Bytes JMP 00B90600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] USER32.dll!SetWindowsHookExW 769687AD 5 Bytes JMP 00B90804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] USER32.dll!UnhookWindowsHookEx 769698DB 5 Bytes JMP 00B90A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] USER32.dll!SetWinEventHook 76969F3A 5 Bytes JMP 00B901F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] USER32.dll!UnhookWinEvent 7696C06F 5 Bytes JMP 00B903FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 00BA03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00BA0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00BA1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00BA0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00BA0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00BA0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00BA0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2768] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 00BA01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!LdrLoadDll 77259378 5 Bytes JMP 00F601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!LdrUnloadDll 7726B680 5 Bytes JMP 00F603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtCreateFile + 6 7729424A 4 Bytes [28, 74, F0, 00] {SUB 
[EAX+ESI*8+0x0], DH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtCreateFile + B 7729424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtMapViewOfSection + 6 7729499A 4 Bytes [28, 77, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtMapViewOfSection + B 7729499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenFile + 6 77294A2A 4 Bytes [68, 74, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenFile + B 77294A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenProcess + 6 77294AAA 4 Bytes [A8, 75, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenProcess + B 77294AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenProcessToken + 6 77294ABA 4 Bytes CALL 762A3B34 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenProcessToken + B 77294ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenProcessTokenEx + 6 77294ACA 4 Bytes [A8, 76, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenProcessTokenEx + B 77294ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenThread + 6 77294B1A 4 Bytes [68, 75, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenThread + B 77294B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenThreadToken + 6 77294B2A 4 Bytes [68, 76, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenThreadToken + B 77294B2F 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenThreadTokenEx + 6 77294B3A 4 Bytes CALL 762A3BB5 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtOpenThreadTokenEx + B 77294B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtQueryAttributesFile + 6 77294BCA 4 Bytes [A8, 74, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtQueryAttributesFile + B 77294BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtQueryFullAttributesFile + 6 77294C7A 4 Bytes CALL 762A3CF3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtQueryFullAttributesFile + B 77294C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtSetInformationFile + 6 7729515A 4 Bytes [28, 75, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtSetInformationFile + B 7729515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtSetInformationThread + 6 772951AA 4 Bytes [28, 76, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtSetInformationThread + B 772951AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtUnmapViewOfSection + 6 7729544A 4 Bytes [68, 77, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ntdll.dll!NtUnmapViewOfSection + B 7729544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] KERNEL32.dll!GetBinaryTypeW + 70 77022467 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] USER32.dll!SetWindowsHookExA 76966322 5 Bytes JMP 00F70600 .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3292] USER32.dll!SetWindowsHookExW 769687AD 5 Bytes JMP 00F70804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] USER32.dll!UnhookWindowsHookEx 769698DB 5 Bytes JMP 00F70A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] USER32.dll!SetWinEventHook 76969F3A 5 Bytes JMP 00F701F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] USER32.dll!UnhookWinEvent 7696C06F 5 Bytes JMP 00F703FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 00F803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00F80600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00F81014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00F80804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00F80A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00F80C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00F80E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3292] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 00F801F8 .text C:\Windows\ehome\ehmsas.exe[3372] ntdll.dll!LdrLoadDll 77259378 5 Bytes JMP 000501F8 .text C:\Windows\ehome\ehmsas.exe[3372] ntdll.dll!LdrUnloadDll 7726B680 5 Bytes JMP 000503FC .text C:\Windows\ehome\ehmsas.exe[3372] KERNEL32.dll!GetBinaryTypeW + 70 77022467 1 Byte [62] .text C:\Windows\ehome\ehmsas.exe[3372] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 000603FC .text C:\Windows\ehome\ehmsas.exe[3372] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00060600 .text 
C:\Windows\ehome\ehmsas.exe[3372] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00061014 .text C:\Windows\ehome\ehmsas.exe[3372] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00060804 .text C:\Windows\ehome\ehmsas.exe[3372] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00060A08 .text C:\Windows\ehome\ehmsas.exe[3372] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00060C0C .text C:\Windows\ehome\ehmsas.exe[3372] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00060E10 .text C:\Windows\ehome\ehmsas.exe[3372] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 000601F8 .text C:\Windows\ehome\ehmsas.exe[3372] USER32.dll!SetWindowsHookExA 76966322 5 Bytes JMP 00070600 .text C:\Windows\ehome\ehmsas.exe[3372] USER32.dll!SetWindowsHookExW 769687AD 5 Bytes JMP 00070804 .text C:\Windows\ehome\ehmsas.exe[3372] USER32.dll!UnhookWindowsHookEx 769698DB 5 Bytes JMP 00070A08 .text C:\Windows\ehome\ehmsas.exe[3372] USER32.dll!SetWinEventHook 76969F3A 5 Bytes JMP 000701F8 .text C:\Windows\ehome\ehmsas.exe[3372] USER32.dll!UnhookWinEvent 7696C06F 5 Bytes JMP 000703FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3568] ntdll.dll!LdrLoadDll 77259378 5 Bytes JMP 000501F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3568] ntdll.dll!LdrUnloadDll 7726B680 5 Bytes JMP 000503FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3568] KERNEL32.dll!GetBinaryTypeW + 70 77022467 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3568] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 000603FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3568] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00060600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3568] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00061014 .text C:\Program Files\Common 
Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3568] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00060804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3568] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00060A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3568] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00060C0C .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3568] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00060E10 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3568] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 000601F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3568] USER32.dll!SetWindowsHookExA 76966322 5 Bytes JMP 00070600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3568] USER32.dll!SetWindowsHookExW 769687AD 5 Bytes JMP 00070804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3568] USER32.dll!UnhookWindowsHookEx 769698DB 5 Bytes JMP 00070A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3568] USER32.dll!SetWinEventHook 76969F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3568] USER32.dll!UnhookWinEvent 7696C06F 5 Bytes JMP 000703FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ntdll.dll!LdrLoadDll 77259378 5 Bytes JMP 003401F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ntdll.dll!LdrUnloadDll 7726B680 5 Bytes JMP 003403FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ntdll.dll!NtCreateFile + 6 7729424A 4 Bytes [28, 24, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ntdll.dll!NtCreateFile + B 7729424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ntdll.dll!NtMapViewOfSection 
+ 6 7729499A 4 Bytes [28, 27, 30, 00] {SUB [EDI], AH; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ntdll.dll!NtMapViewOfSection + B 7729499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ntdll.dll!NtOpenFile + 6 77294A2A 4 Bytes [68, 24, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ntdll.dll!NtOpenFile + B 77294A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ntdll.dll!NtOpenProcess + 6 77294AAA 4 Bytes [A8, 25, 30, 00] {TEST AL, 0x25; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ntdll.dll!NtOpenProcess + B 77294AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ntdll.dll!NtOpenProcessToken + 6 77294ABA 4 Bytes CALL 76297AE4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ntdll.dll!NtOpenProcessToken + B 77294ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ntdll.dll!NtOpenProcessTokenEx + 6 77294ACA 4 Bytes [A8, 26, 30, 00] {TEST AL, 0x26; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ntdll.dll!NtOpenProcessTokenEx + B 77294ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ntdll.dll!NtOpenThread + 6 77294B1A 4 Bytes [68, 25, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ntdll.dll!NtOpenThread + B 77294B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ntdll.dll!NtOpenThreadToken + 6 77294B2A 4 Bytes [68, 26, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ntdll.dll!NtOpenThreadToken + B 77294B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ntdll.dll!NtOpenThreadTokenEx + 6 77294B3A 4 Bytes CALL 76297B65 C:\Windows\system32\SHELL32.dll (Windows Shell Common 
Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ntdll.dll!NtOpenThreadTokenEx + B 77294B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ntdll.dll!NtQueryAttributesFile + 6 77294BCA 4 Bytes [A8, 24, 30, 00] {TEST AL, 0x24; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ntdll.dll!NtQueryAttributesFile + B 77294BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ntdll.dll!NtQueryFullAttributesFile + 6 77294C7A 4 Bytes CALL 76297CA3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ntdll.dll!NtQueryFullAttributesFile + B 77294C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ntdll.dll!NtSetInformationFile + 6 7729515A 4 Bytes [28, 25, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ntdll.dll!NtSetInformationFile + B 7729515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ntdll.dll!NtSetInformationThread + 6 772951AA 4 Bytes [28, 26, 30, 00] {SUB [ESI], AH; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ntdll.dll!NtSetInformationThread + B 772951AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ntdll.dll!NtUnmapViewOfSection + 6 7729544A 4 Bytes [68, 27, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ntdll.dll!NtUnmapViewOfSection + B 7729544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] KERNEL32.dll!GetBinaryTypeW + 70 77022467 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] USER32.dll!SetWindowsHookExA 76966322 5 Bytes JMP 00350600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] USER32.dll!SetWindowsHookExW 769687AD 5 Bytes JMP 00350804 .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3732] USER32.dll!UnhookWindowsHookEx 769698DB 5 Bytes JMP 00350A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] USER32.dll!SetWinEventHook 76969F3A 5 Bytes JMP 003501F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] USER32.dll!UnhookWinEvent 7696C06F 5 Bytes JMP 003503FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 003603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00360600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00361014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00360804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00360A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00360C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00360E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3732] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 003601F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3764] ntdll.dll!LdrLoadDll 77259378 5 Bytes JMP 000501F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3764] ntdll.dll!LdrUnloadDll 7726B680 5 Bytes JMP 000503FC .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3764] KERNEL32.dll!GetBinaryTypeW + 70 77022467 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3764] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 000603FC .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3764] ADVAPI32.dll!DeleteService 
76D0A07E 5 Bytes JMP 00060600 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3764] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00061014 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3764] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00060804 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3764] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00060A08 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3764] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00060C0C .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3764] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00060E10 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3764] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 000601F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3764] USER32.dll!SetWindowsHookExA 76966322 5 Bytes JMP 00080600 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3764] USER32.dll!SetWindowsHookExW 769687AD 5 Bytes JMP 00080804 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3764] USER32.dll!UnhookWindowsHookEx 769698DB 5 Bytes JMP 00080A08 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3764] USER32.dll!SetWinEventHook 76969F3A 5 Bytes JMP 000801F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3764] USER32.dll!UnhookWinEvent 7696C06F 5 Bytes JMP 000803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!LdrLoadDll 77259378 5 Bytes JMP 001B01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!LdrUnloadDll 7726B680 5 Bytes JMP 001B03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtCreateFile + 6 7729424A 4 Bytes [28, A8, 15, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtCreateFile + B 7729424F 1 Byte [E2] 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtMapViewOfSection + 6 7729499A 4 Bytes [28, AB, 15, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtMapViewOfSection + B 7729499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenFile + 6 77294A2A 4 Bytes [68, A8, 15, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenFile + B 77294A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenProcess + 6 77294AAA 4 Bytes [A8, A9, 15, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenProcess + B 77294AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenProcessToken + 6 77294ABA 4 Bytes CALL 76296068 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenProcessToken + B 77294ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenProcessTokenEx + 6 77294ACA 4 Bytes [A8, AA, 15, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenProcessTokenEx + B 77294ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenThread + 6 77294B1A 4 Bytes [68, A9, 15, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenThread + B 77294B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenThreadToken + 6 77294B2A 4 Bytes [68, AA, 15, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenThreadToken + B 77294B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenThreadTokenEx + 6 77294B3A 4 Bytes CALL 762960E9 C:\Windows\system32\SHELL32.dll (Windows Shell Common 
Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtOpenThreadTokenEx + B 77294B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtQueryAttributesFile + 6 77294BCA 4 Bytes [A8, A8, 15, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtQueryAttributesFile + B 77294BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtQueryFullAttributesFile + 6 77294C7A 4 Bytes CALL 76296227 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtQueryFullAttributesFile + B 77294C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtSetInformationFile + 6 7729515A 4 Bytes [28, A9, 15, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtSetInformationFile + B 7729515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtSetInformationThread + 6 772951AA 4 Bytes [28, AA, 15, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtSetInformationThread + B 772951AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtUnmapViewOfSection + 6 7729544A 4 Bytes [68, AB, 15, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ntdll.dll!NtUnmapViewOfSection + B 7729544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] KERNEL32.dll!GetBinaryTypeW + 70 77022467 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] USER32.dll!SetWindowsHookExA 76966322 5 Bytes JMP 001C0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] USER32.dll!SetWindowsHookExW 769687AD 5 Bytes JMP 001C0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] USER32.dll!UnhookWindowsHookEx 
769698DB 5 Bytes JMP 001C0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] USER32.dll!SetWinEventHook 76969F3A 5 Bytes JMP 001C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] USER32.dll!UnhookWinEvent 7696C06F 5 Bytes JMP 001C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 001D03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 001D0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 001D1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 001D0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 001D0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 001D0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 001D0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3952] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 001D01F8 .text C:\Windows\system32\svchost.exe[4144] ntdll.dll!LdrLoadDll 77259378 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[4144] ntdll.dll!LdrUnloadDll 7726B680 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[4144] KERNEL32.dll!GetBinaryTypeW + 70 77022467 1 Byte [62] .text C:\Windows\system32\svchost.exe[4144] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[4144] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[4144] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[4144] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 
Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[4144] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[4144] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[4144] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[4144] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[4144] USER32.dll!SetWindowsHookExA 76966322 5 Bytes JMP 000C0600 .text C:\Windows\system32\svchost.exe[4144] USER32.dll!SetWindowsHookExW 769687AD 5 Bytes JMP 000C0804 .text C:\Windows\system32\svchost.exe[4144] USER32.dll!UnhookWindowsHookEx 769698DB 5 Bytes JMP 000C0A08 .text C:\Windows\system32\svchost.exe[4144] USER32.dll!SetWinEventHook 76969F3A 5 Bytes JMP 000C01F8 .text C:\Windows\system32\svchost.exe[4144] USER32.dll!UnhookWinEvent 7696C06F 5 Bytes JMP 000C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!LdrLoadDll 77259378 5 Bytes JMP 002B01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!LdrUnloadDll 7726B680 5 Bytes JMP 002B03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtCreateFile + 6 7729424A 4 Bytes [28, F4, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtCreateFile + B 7729424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtMapViewOfSection + 6 7729499A 4 Bytes [28, F7, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtMapViewOfSection + B 7729499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenFile + 6 77294A2A 4 Bytes [68, F4, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenFile + B 77294A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] 
ntdll.dll!NtOpenProcess + 6 77294AAA 4 Bytes [A8, F5, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenProcess + B 77294AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenProcessToken + 6 77294ABA 4 Bytes CALL 762970B4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenProcessToken + B 77294ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenProcessTokenEx + 6 77294ACA 4 Bytes [A8, F6, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenProcessTokenEx + B 77294ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenThread + 6 77294B1A 4 Bytes [68, F5, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenThread + B 77294B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenThreadToken + 6 77294B2A 4 Bytes [68, F6, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenThreadToken + B 77294B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenThreadTokenEx + 6 77294B3A 4 Bytes CALL 76297135 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtOpenThreadTokenEx + B 77294B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtQueryAttributesFile + 6 77294BCA 4 Bytes [A8, F4, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtQueryAttributesFile + B 77294BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtQueryFullAttributesFile + 6 77294C7A 4 Bytes CALL 76297273 
C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtQueryFullAttributesFile + B 77294C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtSetInformationFile + 6 7729515A 4 Bytes [28, F5, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtSetInformationFile + B 7729515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtSetInformationThread + 6 772951AA 4 Bytes [28, F6, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtSetInformationThread + B 772951AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtUnmapViewOfSection + 6 7729544A 4 Bytes [68, F7, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ntdll.dll!NtUnmapViewOfSection + B 7729544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] KERNEL32.dll!GetBinaryTypeW + 70 77022467 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] USER32.dll!SetWindowsHookExA 76966322 5 Bytes JMP 002C0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] USER32.dll!SetWindowsHookExW 769687AD 5 Bytes JMP 002C0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] USER32.dll!UnhookWindowsHookEx 769698DB 5 Bytes JMP 002C0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] USER32.dll!SetWinEventHook 76969F3A 5 Bytes JMP 002C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] USER32.dll!UnhookWinEvent 7696C06F 5 Bytes JMP 002C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 002D03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 002D0600 .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[4688] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 002D1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 002D0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 002D0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 002D0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 002D0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4688] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 002D01F8 .text C:\Users\Magda\Downloads\sv0iuwpm.exe[5376] ntdll.dll!LdrLoadDll 77259378 5 Bytes JMP 001601F8 .text C:\Users\Magda\Downloads\sv0iuwpm.exe[5376] ntdll.dll!LdrUnloadDll 7726B680 5 Bytes JMP 001603FC .text C:\Users\Magda\Downloads\sv0iuwpm.exe[5376] KERNEL32.dll!GetBinaryTypeW + 70 77022467 1 Byte [62] .text C:\Users\Magda\Downloads\sv0iuwpm.exe[5376] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 001703FC .text C:\Users\Magda\Downloads\sv0iuwpm.exe[5376] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00170600 .text C:\Users\Magda\Downloads\sv0iuwpm.exe[5376] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00171014 .text C:\Users\Magda\Downloads\sv0iuwpm.exe[5376] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00170804 .text C:\Users\Magda\Downloads\sv0iuwpm.exe[5376] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00170A08 .text C:\Users\Magda\Downloads\sv0iuwpm.exe[5376] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00170C0C .text C:\Users\Magda\Downloads\sv0iuwpm.exe[5376] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00170E10 .text C:\Users\Magda\Downloads\sv0iuwpm.exe[5376] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 001701F8 .text 
C:\Users\Magda\Downloads\sv0iuwpm.exe[5376] USER32.dll!SetWindowsHookExA 76966322 5 Bytes JMP 00180600 .text C:\Users\Magda\Downloads\sv0iuwpm.exe[5376] USER32.dll!SetWindowsHookExW 769687AD 5 Bytes JMP 00180804 .text C:\Users\Magda\Downloads\sv0iuwpm.exe[5376] USER32.dll!UnhookWindowsHookEx 769698DB 5 Bytes JMP 00180A08 .text C:\Users\Magda\Downloads\sv0iuwpm.exe[5376] USER32.dll!SetWinEventHook 76969F3A 5 Bytes JMP 001801F8 .text C:\Users\Magda\Downloads\sv0iuwpm.exe[5376] USER32.dll!UnhookWinEvent 7696C06F 5 Bytes JMP 001803FC ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Google\Chrome\Application\chrome.exe[504] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00B10010 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00B60002 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00B60000 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!DbgPrintEx] 51EC8B55 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUpcaseUnicodeChar] 8B565351 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtClose] FF560875 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetInformationFile] A5510815 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenFile] 85D88B01 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryInformationFile] C2840FDB IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCompareUnicodeString] 57000000 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAppendUnicodeStringToString] 0068406A IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAllocateHeap] FF000010 IAT 
C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFreeHeap] 006A5073 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetValueKey] 508415FF IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateKey] F88B01A5 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnicodeStringToInteger] 85FC7D89 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFreeUnicodeString] 9E840FFF IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreatePagingFile] 8B000000 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!_alldiv] A4F3544B IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQuerySystemInformation] 1443B70F IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!_allmul] 0653B70F IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlExtendedIntegerMultiply] 1818448D IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryVolumeInformationFile] 8B0CC083 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitUnicodeStringEx] 08758B08 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryInformationProcess] 03FC7D8B IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitUnicodeString] 8BF903F1 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDosPathNameToNtPathName_U] C083FC48 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlExpandEnvironmentStrings_U] A4F34A28 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryValueKey] 758BE975 IAT C:\Windows\system32\services.exe[664] @ 
C:\Windows\system32\smss.exe [ntdll.dll!NtCreateFile] 443D8BFC IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenKey] 2B01A551 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!_vsnwprintf] 458D0875 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetSecurityObject] 056A50F8 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetOwnerSecurityDescriptor] 75FF016A IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetDaclSecurityDescriptor] 85D7FFFC IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAddAccessAllowedAce] EB2574C0 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateAcl] 04488B1D IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateSecurityDescriptor] 56F84D29 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAllocateAndInitializeSid] 8B08508D IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateUnicodeString] FC450300 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtReadFile] 52F8C183 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!_chkstk] 5051E9D1 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlNumberOfSetBitsUlongPtr] 514015FF IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtMakeTemporaryObject] 7D8301A5 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateSymbolicLinkObject] DD7500F8 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenDirectoryObject] 50F8458D IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!qsort] 016A016A 
IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlRandomEx] FFFC75FF IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!memcpy] 74C085D7 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateDirectoryObject] 0C488D20 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlEqualUnicodeString] C085018B IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!_wcsicmp] F18B1774 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetEnvironmentVariable] 03FC4D8B IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!iswspace] 15FF50C1 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnlockBootStatusData] [01A55080] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation) IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlGetSetBootStatusData] 8B14C683 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlLockBootStatusData] 75C08506 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetSaclSecurityDescriptor] FC458BEB IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAddMandatoryAce] C95B5E5F IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlLengthSid] 560004C2 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlGetAce] 7140BF57 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlPrefixUnicodeString] 8B5701A5 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQuerySymbolicLinkObject] 7C15FFF1 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenSymbolicLinkObject] 
6A01A550 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryDirectoryObject] 3C83580F IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlTimeToTimeFields] A5715885 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!memset] 09740001 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!EtwEventWrite] 8548C88B IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!EtwEventEnabled] EBEF75C9 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAppendUnicodeToString] 85348907 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtMapViewOfSection] [01A57158] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation) IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateSection] 3415FF57 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlQueryRegistryValues] 5F01A550 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtResumeThread] 5756C35E IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtWaitForSingleObject] A57140BF IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtTerminateProcess] F18B5701 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDestroyProcessParameters] 507C15FF IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateUserProcess] 0F6A01A5 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateProcessParametersEx] 85343958 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!_wcsupr] [01A57158] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation) IAT 
C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAnsiStringToUnicodeString] C88B0974 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitAnsiString] [75C98548] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!_stricmp] 8308EBF0 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!LdrVerifyImageMatchesChecksumEx] 71588524 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDosSearchPath_U] 570001A5 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlQueryEnvironmentVariable_U] 503415FF IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDisplayString] 5E5F01A5 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtWriteFile] 800068C3 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAdjustPrivilege] 006A0000 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtInitializeRegistry] 7815FF51 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetSystemInformation] 5001A550 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetEvent] 513C15FF IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetCurrentEnvironment] 55C301A5 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDeleteValueKey] 5351EC8B IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateEnvironment] 35FF5756 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenEvent] [01A57198] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation) IAT 
C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcCreatePort] 513815FF IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetInformationProcess] 8D5901A5 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateTagHeap] E8400044 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateUserThread] 00002B8C IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlReleaseSRWLockExclusive] 75FFFC8B IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAcquireSRWLockExclusive] FC7D8908 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetInformationThread] 719835FF IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryInformationToken] EC6801A5 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenThreadToken] 5701A553 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcImpersonateClientOfPort] 513415FF IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlReleaseSRWLockShared] DB3301A5 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAcquireSRWLockShared] 3910C483 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcDisconnectPort] 6E7D085D IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitializeSRWLock] FFF63357 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtConnectPort] A5507415 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!AlpcGetMessageAttribute] 85F88B01 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcAcceptConnectPort] 8D3774FF IAT 
C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcOpenSenderProcess] 6A500845 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcCancelMessage] FF575602 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlExitUserThread] A5513015 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcSendWaitReceivePort] 7CC08501 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!AlpcInitializeMessageAttribute] FF556A25 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetThreadIsCritical] 15FFFC75 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtRequestWaitReplyPort] [01A5512C] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation) IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDuplicateObject] C9335959 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateEvent] 08896657 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlWakeConditionVariable] FFFE1FE8 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlClearBits] 85D88BFF IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDeleteNoSplay] 8B0774DB IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtClearEvent] F72B0875 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSleepConditionVariableSRW] FF57F303 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlWakeAllConditionVariable] A5507015 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetBits] 74F68501 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe 
[ntdll.dll!RtlTestBit] FC4D8B53 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFindClearBits] A57084BA IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlClearAllBits] 85D6FF01 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitializeBitMap] 684575C0 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFreeSid] 00008000 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtRaiseHardError] 15FF5350 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtWaitForMultipleObjects] [01A55078] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation) IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetProcessIsCritical] 5D3936EB IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!EtwEventRegister] BB31740C IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetHeapInformation] [01A57140] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation) IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitializeConditionVariable] 7C15FF53 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDelayExecution] BE01A550 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnicodeStringToAnsiString] [01A57194] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation) IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryEvent] C085068B IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlReleasePrivilege] 4D8B0774 IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAcquirePrivilege] FFD78B08 IAT 
C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!LdrQueryImageFileExecutionOptions] 83C68BD0
IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!wcstoul] 583D04EE
IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnhandledExceptionFilter] 7501A571
IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnwind] 15FF53E7
IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!DbgBreakPoint] [01A55034] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation)
IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlNormalizeProcessParams] 5FF0658D
IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlConnectToSm] C2C95B5E
IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSendMsgToSm] 8B550008
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[880] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00BF0010
IAT C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1520] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7344F6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1708] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7344F6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74327817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7436B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7432BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7431F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [743275E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7431E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [743573F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7432DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7431FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7431FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743171CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [743ACAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7434C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7431D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74316853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7431687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1760] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74322AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2236] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00910010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2728] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 01090010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2768] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00B50010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3292] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00F30010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3732] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00320010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3952] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00180010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[4688] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00280010

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\svchost.exe (*** hidden *** ) [AUTO] gnfhjqops <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\gnfhjqops@DisplayName Microsoft Boot
Reg HKLM\SYSTEM\ControlSet001\Services\gnfhjqops@Type 32
Reg HKLM\SYSTEM\ControlSet001\Services\gnfhjqops@Start 2
Reg HKLM\SYSTEM\ControlSet001\Services\gnfhjqops@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet001\Services\gnfhjqops@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet001\Services\gnfhjqops@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet001\Services\gnfhjqops@Description Provides support for the Program Compatibility Assistant. If this service is stopped, the Program Compatibility Assistant will not function properly. If this service is disabled, any services that depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet001\Services\gnfhjqops\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gnfhjqops\Parameters@ServiceDll C:\Windows\system32\fyxegtbu.dll
Reg HKLM\SYSTEM\ControlSet002\Services\gnfhjqops@DisplayName Microsoft Boot
Reg HKLM\SYSTEM\ControlSet002\Services\gnfhjqops@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\gnfhjqops@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\gnfhjqops@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\gnfhjqops@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\gnfhjqops@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\gnfhjqops@Description Provides support for the Program Compatibility Assistant. If this service is stopped, the Program Compatibility Assistant will not function properly. If this service is disabled, any services that depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet002\Services\gnfhjqops\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\gnfhjqops\Parameters@ServiceDll C:\Windows\system32\fyxegtbu.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gnfhjqops@DisplayName Microsoft Boot
Reg HKLM\SYSTEM\ControlSet003\Services\gnfhjqops@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\gnfhjqops@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\gnfhjqops@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\gnfhjqops@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\gnfhjqops@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\gnfhjqops@Description Provides support for the Program Compatibility Assistant. If this service is stopped, the Program Compatibility Assistant will not function properly. If this service is disabled, any services that depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet003\Services\gnfhjqops\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gnfhjqops\Parameters@ServiceDll C:\Windows\system32\fyxegtbu.dll
Reg HKLM\SYSTEM\ControlSet004\Services\gnfhjqops@DisplayName Microsoft Boot
Reg HKLM\SYSTEM\ControlSet004\Services\gnfhjqops@Type 32
Reg HKLM\SYSTEM\ControlSet004\Services\gnfhjqops@Start 2
Reg HKLM\SYSTEM\ControlSet004\Services\gnfhjqops@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\gnfhjqops@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet004\Services\gnfhjqops@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet004\Services\gnfhjqops@Description Provides support for the Program Compatibility Assistant. If this service is stopped, the Program Compatibility Assistant will not function properly. If this service is disabled, any services that depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet004\Services\gnfhjqops\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\gnfhjqops\Parameters@ServiceDll C:\Windows\system32\fyxegtbu.dll
Reg HKLM\SYSTEM\ControlSet005\Services\gnfhjqops@DisplayName Microsoft Boot
Reg HKLM\SYSTEM\ControlSet005\Services\gnfhjqops@Type 32
Reg HKLM\SYSTEM\ControlSet005\Services\gnfhjqops@Start 2
Reg HKLM\SYSTEM\ControlSet005\Services\gnfhjqops@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet005\Services\gnfhjqops@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet005\Services\gnfhjqops@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet005\Services\gnfhjqops@Description Provides support for the Program Compatibility Assistant. If this service is stopped, the Program Compatibility Assistant will not function properly. If this service is disabled, any services that depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet005\Services\gnfhjqops\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\gnfhjqops\Parameters@ServiceDll C:\Windows\system32\fyxegtbu.dll
Reg HKLM\SYSTEM\ControlSet006\Services\gnfhjqops@DisplayName Microsoft Boot
Reg HKLM\SYSTEM\ControlSet006\Services\gnfhjqops@Type 32
Reg HKLM\SYSTEM\ControlSet006\Services\gnfhjqops@Start 2
Reg HKLM\SYSTEM\ControlSet006\Services\gnfhjqops@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet006\Services\gnfhjqops@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet006\Services\gnfhjqops@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet006\Services\gnfhjqops@Description Provides support for the Program Compatibility Assistant. If this service is stopped, the Program Compatibility Assistant will not function properly. If this service is disabled, any services that depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet006\Services\gnfhjqops\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\gnfhjqops\Parameters@ServiceDll C:\Windows\system32\fyxegtbu.dll
Reg HKLM\SYSTEM\ControlSet007\Services\gnfhjqops@DisplayName Microsoft Boot
Reg HKLM\SYSTEM\ControlSet007\Services\gnfhjqops@Type 32
Reg HKLM\SYSTEM\ControlSet007\Services\gnfhjqops@Start 2
Reg HKLM\SYSTEM\ControlSet007\Services\gnfhjqops@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet007\Services\gnfhjqops@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet007\Services\gnfhjqops@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet007\Services\gnfhjqops@Description Provides support for the Program Compatibility Assistant. If this service is stopped, the Program Compatibility Assistant will not function properly. If this service is disabled, any services that depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet007\Services\gnfhjqops\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\gnfhjqops\Parameters@ServiceDll C:\Windows\system32\fyxegtbu.dll
Reg HKLM\SYSTEM\ControlSet008\Services\gnfhjqops@DisplayName Microsoft Boot
Reg HKLM\SYSTEM\ControlSet008\Services\gnfhjqops@Type 32
Reg HKLM\SYSTEM\ControlSet008\Services\gnfhjqops@Start 2
Reg HKLM\SYSTEM\ControlSet008\Services\gnfhjqops@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet008\Services\gnfhjqops@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet008\Services\gnfhjqops@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet008\Services\gnfhjqops@Description Provides support for the Program Compatibility Assistant. If this service is stopped, the Program Compatibility Assistant will not function properly. If this service is disabled, any services that depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet008\Services\gnfhjqops\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\gnfhjqops\Parameters@ServiceDll C:\Windows\system32\fyxegtbu.dll
Reg HKLM\SYSTEM\ControlSet009\Services\gnfhjqops@DisplayName Microsoft Boot
Reg HKLM\SYSTEM\ControlSet009\Services\gnfhjqops@Type 32
Reg HKLM\SYSTEM\ControlSet009\Services\gnfhjqops@Start 2
Reg HKLM\SYSTEM\ControlSet009\Services\gnfhjqops@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet009\Services\gnfhjqops@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet009\Services\gnfhjqops@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet009\Services\gnfhjqops@Description Provides support for the Program Compatibility Assistant. If this service is stopped, the Program Compatibility Assistant will not function properly. If this service is disabled, any services that depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet009\Services\gnfhjqops\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\gnfhjqops\Parameters@ServiceDll C:\Windows\system32\fyxegtbu.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gnfhjqops@DisplayName Microsoft Boot
Reg HKLM\SYSTEM\CurrentControlSet\Services\gnfhjqops@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\gnfhjqops@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\gnfhjqops@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\gnfhjqops@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\gnfhjqops@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\gnfhjqops@Description Provides support for the Program Compatibility Assistant. If this service is stopped, the Program Compatibility Assistant will not function properly. If this service is disabled, any services that depend on it will fail to start.
Reg HKLM\SYSTEM\CurrentControlSet\Services\gnfhjqops\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\gnfhjqops\Parameters@ServiceDll C:\Windows\system32\fyxegtbu.dll
Reg HKLM\SYSTEM\ControlSet012\Services\gnfhjqops@DisplayName Microsoft Boot
Reg HKLM\SYSTEM\ControlSet012\Services\gnfhjqops@Type 32
Reg HKLM\SYSTEM\ControlSet012\Services\gnfhjqops@Start 2
Reg HKLM\SYSTEM\ControlSet012\Services\gnfhjqops@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet012\Services\gnfhjqops@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet012\Services\gnfhjqops@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet012\Services\gnfhjqops@Description Provides support for the Program Compatibility Assistant. If this service is stopped, the Program Compatibility Assistant will not function properly. If this service is disabled, any services that depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet012\Services\gnfhjqops\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet012\Services\gnfhjqops\Parameters@ServiceDll C:\Windows\system32\fyxegtbu.dll

---- Files - GMER 1.0.15 ----

File C:\Users\Magda\Downloads\Extras.Txt 37792 bytes

---- EOF - GMER 1.0.15 ----