GMER 2.1.19155 - http://www.gmer.net Rootkit scan 2013-03-14 20:34:26 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD5000AAKS-00A7B2 rev.01.03B01 465,76GB Running: ts7jmieu.exe; Driver: C:\DOCUME~1\Bia\USTAWI~1\Temp\fxtoqpod.sys ---- System - GMER 2.1 ---- SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwClose [0xB9F8D028] SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwCreateKey [0xB9F8CFE0] SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwCreatePagingFile [0xB9F80B00] SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xB9F815DC] SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xB9F8D120] SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwOpenFile [0xB9F80B40] SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwOpenKey [0xB9F8CFA4] SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwQueryKey [0xB9F815FC] SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwQueryValueKey [0xB9F8D076] SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwSetSystemPowerState [0xB9F8C550] INT 0x62 ? 8A504CB8 INT 0x63 ? 8A1F9CB8 INT 0x82 ? 8A504CB8 INT 0x83 ? 8A1F9CB8 INT 0xA4 ? 8A1F9CB8 INT 0xB4 ? 8A1F9CB8 Code \??\C:\DOCUME~1\Bia\USTAWI~1\Temp\catchme.sys pIofCallDriver ---- Kernel code sections - GMER 2.1 ---- .sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xB9F5BB2E] ? System nie może odnaleźć określonej ścieżki. ! .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8DE8360, 0x32D25D, 0xE8000020] .text USBPORT.SYS!DllUnload B8D248AC 5 Bytes JMP 8A1F91C8 ? C:\WINDOWS\System32\Drivers\afi51akp.SYS suspicious PE modification ? C:\WINDOWS\TEMP\mc21.tmp Nie można odnaleźć określonego pliku. ! ? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Nie można odnaleźć określonego pliku. ! ? C:\DOCUME~1\Bia\USTAWI~1\Temp\catchme.sys System nie może odnaleźć określonej ścieżki. ! ? 
\DAEMON Tools Lite\Engine.dll System nie może odnaleźć określonej ścieżki. ! ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Vtune\TBPanel.exe[192] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C16390 .text C:\Program Files\Vtune\TBPanel.exe[192] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00C16640 .text C:\Program Files\Vtune\TBPanel.exe[192] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00C153D0 .text C:\Program Files\Vtune\TBPanel.exe[192] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Vtune\TBPanel.exe[192] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Program Files\Vtune\TBPanel.exe[192] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00C15300 .text C:\Program Files\Vtune\TBPanel.exe[192] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C111C0 .text C:\Program Files\Vtune\TBPanel.exe[192] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\Vtune\TBPanel.exe[192] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Vtune\TBPanel.exe[192] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Program Files\Vtune\TBPanel.exe[192] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 00C11290 .text C:\Program Files\Vtune\TBPanel.exe[192] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 00C12570 .text C:\Program Files\Vtune\TBPanel.exe[192] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 00C11000 .text C:\Program Files\Vtune\TBPanel.exe[192] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 00C110A0 .text C:\Program Files\Vtune\TBPanel.exe[192] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 00C12510 .text C:\Program Files\Vtune\TBPanel.exe[192] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\Program Files\Vtune\TBPanel.exe[192] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\Program Files\Vtune\TBPanel.exe[192] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\Program 
Files\Vtune\TBPanel.exe[192] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00C11D10 .text C:\Program Files\Vtune\TBPanel.exe[192] WS2_32.dll!send 71A54C27 5 Bytes JMP 00C17250 .text C:\Program Files\Vtune\TBPanel.exe[192] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00C12160 .text C:\Program Files\Vtune\TBPanel.exe[192] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00C120A0 .text C:\Program Files\Vtune\TBPanel.exe[192] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00C123A0 .text C:\WINDOWS\system32\ctfmon.exe[200] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00B76390 .text C:\WINDOWS\system32\ctfmon.exe[200] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00B76640 .text C:\WINDOWS\system32\ctfmon.exe[200] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00B753D0 .text C:\WINDOWS\system32\ctfmon.exe[200] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[200] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\ctfmon.exe[200] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00B75300 .text C:\WINDOWS\system32\ctfmon.exe[200] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B711C0 .text C:\WINDOWS\system32\ctfmon.exe[200] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\ctfmon.exe[200] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\ctfmon.exe[200] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\ctfmon.exe[200] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 00B71290 .text C:\WINDOWS\system32\ctfmon.exe[200] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 00B72570 .text C:\WINDOWS\system32\ctfmon.exe[200] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 00B71000 .text C:\WINDOWS\system32\ctfmon.exe[200] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 00B710A0 .text C:\WINDOWS\system32\ctfmon.exe[200] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 00B72510 .text 
C:\WINDOWS\system32\ctfmon.exe[200] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\WINDOWS\system32\ctfmon.exe[200] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\WINDOWS\system32\ctfmon.exe[200] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\ctfmon.exe[200] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00B71D10 .text C:\WINDOWS\system32\ctfmon.exe[200] WS2_32.dll!send 71A54C27 5 Bytes JMP 00B77250 .text C:\WINDOWS\system32\ctfmon.exe[200] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00B72160 .text C:\WINDOWS\system32\ctfmon.exe[200] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00B720A0 .text C:\WINDOWS\system32\ctfmon.exe[200] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00B723A0 .text D:\Spyware Doctor\swdoctor.exe[252] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01AB6390 .text D:\Spyware Doctor\swdoctor.exe[252] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01AB6640 .text D:\Spyware Doctor\swdoctor.exe[252] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 01AB53D0 .text D:\Spyware Doctor\swdoctor.exe[252] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01AB5300 .text D:\Spyware Doctor\swdoctor.exe[252] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01AB11C0 .text D:\Spyware Doctor\swdoctor.exe[252] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text D:\Spyware Doctor\swdoctor.exe[252] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 01AB1290 .text D:\Spyware Doctor\swdoctor.exe[252] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 01AB2570 .text D:\Spyware Doctor\swdoctor.exe[252] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 01AB1000 .text D:\Spyware Doctor\swdoctor.exe[252] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 01AB10A0 .text D:\Spyware Doctor\swdoctor.exe[252] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 01AB2510 .text D:\Spyware Doctor\swdoctor.exe[252] USER32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5F040F5A .text D:\Spyware Doctor\swdoctor.exe[252] 
USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F120F5A .text D:\Spyware Doctor\swdoctor.exe[252] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F0E0F5A .text D:\Spyware Doctor\swdoctor.exe[252] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F0A0F5A .text D:\Spyware Doctor\swdoctor.exe[252] ws2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01AB1D10 .text D:\Spyware Doctor\swdoctor.exe[252] ws2_32.dll!send 71A54C27 5 Bytes JMP 01AB7250 .text D:\Spyware Doctor\swdoctor.exe[252] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 01AB2160 .text D:\Spyware Doctor\swdoctor.exe[252] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 01AB20A0 .text D:\Spyware Doctor\swdoctor.exe[252] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 01AB23A0 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[380] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00FD6390 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[380] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00FD6640 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[380] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00FD53D0 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[380] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[380] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[380] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00FD5300 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[380] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FD11C0 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[380] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[380] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[380] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Program 
Files\HP\Digital Imaging\bin\hpqtra08.exe[380] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 00FD1290 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[380] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 00FD2570 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[380] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 00FD1000 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[380] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 00FD10A0 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[380] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 00FD2510 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[380] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[380] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[380] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[380] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00FD1D10 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[380] WS2_32.dll!send 71A54C27 5 Bytes JMP 00FD7250 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[380] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00FD2160 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[380] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00FD20A0 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[380] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00FD23A0 .text C:\WINDOWS\system32\nvsvc32.exe[464] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00AC6390 .text C:\WINDOWS\system32\nvsvc32.exe[464] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00AC6640 .text C:\WINDOWS\system32\nvsvc32.exe[464] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00AC53D0 .text C:\WINDOWS\system32\nvsvc32.exe[464] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\nvsvc32.exe[464] 
ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\nvsvc32.exe[464] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00AC5300 .text C:\WINDOWS\system32\nvsvc32.exe[464] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AC11C0 .text C:\WINDOWS\system32\nvsvc32.exe[464] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\nvsvc32.exe[464] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\nvsvc32.exe[464] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\nvsvc32.exe[464] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 00AC1290 .text C:\WINDOWS\system32\nvsvc32.exe[464] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 00AC2570 .text C:\WINDOWS\system32\nvsvc32.exe[464] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 00AC1000 .text C:\WINDOWS\system32\nvsvc32.exe[464] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 00AC10A0 .text C:\WINDOWS\system32\nvsvc32.exe[464] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 00AC2510 .text C:\WINDOWS\system32\nvsvc32.exe[464] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\WINDOWS\system32\nvsvc32.exe[464] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\WINDOWS\system32\nvsvc32.exe[464] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\nvsvc32.exe[464] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00AC1D10 .text C:\WINDOWS\system32\nvsvc32.exe[464] WS2_32.dll!send 71A54C27 5 Bytes JMP 00AC7250 .text C:\WINDOWS\system32\nvsvc32.exe[464] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00AC2160 .text C:\WINDOWS\system32\nvsvc32.exe[464] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00AC20A0 .text C:\WINDOWS\system32\nvsvc32.exe[464] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00AC23A0 .text C:\WINDOWS\System32\svchost.exe[476] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00736390 .text C:\WINDOWS\System32\svchost.exe[476] 
ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00736640 .text C:\WINDOWS\System32\svchost.exe[476] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 007353D0 .text C:\WINDOWS\System32\svchost.exe[476] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[476] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\System32\svchost.exe[476] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00735300 .text C:\WINDOWS\System32\svchost.exe[476] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007311C0 .text C:\WINDOWS\System32\svchost.exe[476] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\svchost.exe[476] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\System32\svchost.exe[476] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\System32\svchost.exe[476] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 00731290 .text C:\WINDOWS\System32\svchost.exe[476] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 00732570 .text C:\WINDOWS\System32\svchost.exe[476] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 00731000 .text C:\WINDOWS\System32\svchost.exe[476] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 007310A0 .text C:\WINDOWS\System32\svchost.exe[476] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 00732510 .text C:\WINDOWS\System32\svchost.exe[476] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\WINDOWS\System32\svchost.exe[476] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\WINDOWS\System32\svchost.exe[476] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\WINDOWS\System32\svchost.exe[476] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00731D10 .text C:\WINDOWS\System32\svchost.exe[476] WS2_32.dll!send 71A54C27 5 Bytes JMP 00737250 .text C:\WINDOWS\System32\svchost.exe[476] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00732160 .text C:\WINDOWS\System32\svchost.exe[476] 
WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 007320A0 .text C:\WINDOWS\System32\svchost.exe[476] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 007323A0 .text C:\WINDOWS\system32\svchost.exe[480] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00E66390 .text C:\WINDOWS\system32\svchost.exe[480] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00E66640 .text C:\WINDOWS\system32\svchost.exe[480] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00E653D0 .text C:\WINDOWS\system32\svchost.exe[480] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[480] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\svchost.exe[480] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00E65300 .text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E611C0 .text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 00E61290 .text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 00E62570 .text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 00E61000 .text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 00E610A0 .text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 00E62510 .text C:\WINDOWS\system32\svchost.exe[480] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\WINDOWS\system32\svchost.exe[480] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\WINDOWS\system32\svchost.exe[480] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text 
C:\WINDOWS\system32\svchost.exe[480] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00E62160 .text C:\WINDOWS\system32\svchost.exe[480] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00E620A0 .text C:\WINDOWS\system32\svchost.exe[480] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00E623A0 .text C:\WINDOWS\system32\svchost.exe[480] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00E61D10 .text C:\WINDOWS\system32\svchost.exe[480] WS2_32.dll!send 71A54C27 5 Bytes JMP 00E67250 .text C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe[524] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00906390 .text C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe[524] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00906640 .text C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe[524] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009053D0 .text C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe[524] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe[524] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe[524] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00905300 .text C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe[524] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009011C0 .text C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe[524] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe[524] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe[524] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe[524] 
kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 00901290 .text C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe[524] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 00902570 .text C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe[524] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 00901000 .text C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe[524] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 009010A0 .text C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe[524] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 00902510 .text C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe[524] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00901D10 .text C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe[524] WS2_32.dll!send 71A54C27 5 Bytes JMP 00907250 .text C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe[524] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe[524] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe[524] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe[524] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00902160 .text C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe[524] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 009020A0 .text C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe[524] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 009023A0 .text D:\Spyware Doctor\sdhelp.exe[556] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00DE6390 .text D:\Spyware Doctor\sdhelp.exe[556] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00DE6640 .text D:\Spyware Doctor\sdhelp.exe[556] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 
00DE53D0 .text D:\Spyware Doctor\sdhelp.exe[556] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00DE5300 .text D:\Spyware Doctor\sdhelp.exe[556] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DE11C0 .text D:\Spyware Doctor\sdhelp.exe[556] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text D:\Spyware Doctor\sdhelp.exe[556] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 00DE1290 .text D:\Spyware Doctor\sdhelp.exe[556] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 00DE2570 .text D:\Spyware Doctor\sdhelp.exe[556] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 00DE1000 .text D:\Spyware Doctor\sdhelp.exe[556] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 00DE10A0 .text D:\Spyware Doctor\sdhelp.exe[556] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 00DE2510 .text D:\Spyware Doctor\sdhelp.exe[556] user32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0E0F5A .text D:\Spyware Doctor\sdhelp.exe[556] user32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F0A0F5A .text D:\Spyware Doctor\sdhelp.exe[556] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A .text D:\Spyware Doctor\sdhelp.exe[556] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00DE1D10 .text D:\Spyware Doctor\sdhelp.exe[556] WS2_32.dll!send 71A54C27 5 Bytes JMP 00DE7250 .text D:\Spyware Doctor\sdhelp.exe[556] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00DE2160 .text D:\Spyware Doctor\sdhelp.exe[556] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00DE20A0 .text D:\Spyware Doctor\sdhelp.exe[556] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00DE23A0 .text C:\WINDOWS\system32\csrss.exe[692] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 029E6390 .text C:\WINDOWS\system32\csrss.exe[692] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 029E6640 .text C:\WINDOWS\system32\csrss.exe[692] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 029E53D0 .text C:\WINDOWS\system32\csrss.exe[692] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\csrss.exe[692] ntdll.dll!NtTerminateProcess + 4 
7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\csrss.exe[692] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 029E5300 .text C:\WINDOWS\system32\csrss.exe[692] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\csrss.exe[692] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 029E11C0 .text C:\WINDOWS\system32\csrss.exe[692] KERNEL32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\csrss.exe[692] KERNEL32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\csrss.exe[692] KERNEL32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\csrss.exe[692] KERNEL32.dll!CreateFileW 7C810CD9 5 Bytes JMP 029E1290 .text C:\WINDOWS\system32\csrss.exe[692] KERNEL32.dll!MoveFileW 7C822989 5 Bytes JMP 029E2570 .text C:\WINDOWS\system32\csrss.exe[692] KERNEL32.dll!CopyFileA 7C829E16 5 Bytes JMP 029E1000 .text C:\WINDOWS\system32\csrss.exe[692] KERNEL32.dll!CopyFileW 7C830F97 5 Bytes JMP 029E10A0 .text C:\WINDOWS\system32\csrss.exe[692] KERNEL32.dll!MoveFileA 7C835E97 5 Bytes JMP 029E2510 .text C:\WINDOWS\system32\csrss.exe[692] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\WINDOWS\system32\csrss.exe[692] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\WINDOWS\system32\csrss.exe[692] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 029E1D10 .text C:\WINDOWS\system32\csrss.exe[692] WS2_32.dll!send 71A54C27 5 Bytes JMP 029E7250 .text C:\WINDOWS\system32\csrss.exe[692] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 029E2160 .text C:\WINDOWS\system32\csrss.exe[692] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 029E20A0 .text C:\WINDOWS\system32\csrss.exe[692] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 029E23A0 .text C:\WINDOWS\system32\winlogon.exe[716] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01A66390 .text C:\WINDOWS\system32\winlogon.exe[716] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01A66640 .text 
C:\WINDOWS\system32\winlogon.exe[716] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 01A653D0 .text C:\WINDOWS\system32\winlogon.exe[716] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[716] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\winlogon.exe[716] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01A65300 .text C:\WINDOWS\system32\winlogon.exe[716] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01A611C0 .text C:\WINDOWS\system32\winlogon.exe[716] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\winlogon.exe[716] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\winlogon.exe[716] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\winlogon.exe[716] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 01A61290 .text C:\WINDOWS\system32\winlogon.exe[716] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 01A62570 .text C:\WINDOWS\system32\winlogon.exe[716] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 01A61000 .text C:\WINDOWS\system32\winlogon.exe[716] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 01A610A0 .text C:\WINDOWS\system32\winlogon.exe[716] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 01A62510 .text C:\WINDOWS\system32\winlogon.exe[716] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\WINDOWS\system32\winlogon.exe[716] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\WINDOWS\system32\winlogon.exe[716] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\winlogon.exe[716] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01A61D10 .text C:\WINDOWS\system32\winlogon.exe[716] WS2_32.dll!send 71A54C27 5 Bytes JMP 01A67250 .text C:\WINDOWS\system32\winlogon.exe[716] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 01A62160 .text C:\WINDOWS\system32\winlogon.exe[716] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 01A620A0 
.text C:\WINDOWS\system32\winlogon.exe[716] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 01A623A0 .text C:\WINDOWS\system32\services.exe[768] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 013A6390 .text C:\WINDOWS\system32\services.exe[768] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 013A6640 .text C:\WINDOWS\system32\services.exe[768] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 013A53D0 .text C:\WINDOWS\system32\services.exe[768] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[768] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\services.exe[768] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 013A5300 .text C:\WINDOWS\system32\services.exe[768] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 013A11C0 .text C:\WINDOWS\system32\services.exe[768] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\services.exe[768] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\services.exe[768] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\services.exe[768] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 013A1290 .text C:\WINDOWS\system32\services.exe[768] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 013A2570 .text C:\WINDOWS\system32\services.exe[768] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 013A1000 .text C:\WINDOWS\system32\services.exe[768] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 013A10A0 .text C:\WINDOWS\system32\services.exe[768] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 013A2510 .text C:\WINDOWS\system32\services.exe[768] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\WINDOWS\system32\services.exe[768] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\WINDOWS\system32\services.exe[768] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\services.exe[768] WS2_32.dll!GetAddrInfoW 71A52899 5 
Bytes JMP 013A1D10 .text C:\WINDOWS\system32\services.exe[768] WS2_32.dll!send 71A54C27 5 Bytes JMP 013A7250 .text C:\WINDOWS\system32\services.exe[768] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 013A2160 .text C:\WINDOWS\system32\services.exe[768] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 013A20A0 .text C:\WINDOWS\system32\services.exe[768] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 013A23A0 .text C:\WINDOWS\system32\lsass.exe[780] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[780] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\lsass.exe[780] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\lsass.exe[780] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\lsass.exe[780] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\lsass.exe[780] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\WINDOWS\system32\lsass.exe[780] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\WINDOWS\system32\lsass.exe[780] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 64, C9, 00] {SUB [ECX+ECX*8+0x0], AH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00CB6390 .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 67, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 64, C9, 00] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 65, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B919F7E .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 66, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 65, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 66, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B919FEF .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 64, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00CB6640 .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91A11D .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00CB53D0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 65, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 66, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 67, C9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00CB5300 .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes 
CALL 5F00003D .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00CB1D10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] WS2_32.dll!send 71A54C27 5 Bytes JMP 00CB7250 .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00CB2160 .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00CB20A0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[836] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00CB23A0 .text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C16390 .text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00C16640 .text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00C153D0 .text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00C15300 .text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C111C0 .text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A 
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 00C11290 .text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 00C12570 .text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 00C11000 .text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 00C110A0 .text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 00C12510 .text C:\WINDOWS\system32\svchost.exe[948] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\WINDOWS\system32\svchost.exe[948] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\WINDOWS\system32\svchost.exe[948] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\svchost.exe[948] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00C11D10 .text C:\WINDOWS\system32\svchost.exe[948] WS2_32.dll!send 71A54C27 5 Bytes JMP 00C17250 .text C:\WINDOWS\system32\svchost.exe[948] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00C12160 .text C:\WINDOWS\system32\svchost.exe[948] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00C120A0 .text C:\WINDOWS\system32\svchost.exe[948] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00C123A0 .text C:\Program Files\Java\jre6\bin\jqs.exe[956] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01F26390 .text C:\Program Files\Java\jre6\bin\jqs.exe[956] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01F26640 .text C:\Program Files\Java\jre6\bin\jqs.exe[956] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 01F253D0 .text C:\Program Files\Java\jre6\bin\jqs.exe[956] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Java\jre6\bin\jqs.exe[956] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Program Files\Java\jre6\bin\jqs.exe[956] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01F25300 .text C:\Program Files\Java\jre6\bin\jqs.exe[956] 
kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01F211C0 .text C:\Program Files\Java\jre6\bin\jqs.exe[956] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\Java\jre6\bin\jqs.exe[956] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Java\jre6\bin\jqs.exe[956] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Program Files\Java\jre6\bin\jqs.exe[956] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 01F21290 .text C:\Program Files\Java\jre6\bin\jqs.exe[956] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 01F22570 .text C:\Program Files\Java\jre6\bin\jqs.exe[956] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 01F21000 .text C:\Program Files\Java\jre6\bin\jqs.exe[956] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 01F210A0 .text C:\Program Files\Java\jre6\bin\jqs.exe[956] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 01F22510 .text C:\Program Files\Java\jre6\bin\jqs.exe[956] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01F21D10 .text C:\Program Files\Java\jre6\bin\jqs.exe[956] WS2_32.dll!send 71A54C27 5 Bytes JMP 01F27250 .text C:\Program Files\Java\jre6\bin\jqs.exe[956] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\Program Files\Java\jre6\bin\jqs.exe[956] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\Program Files\Java\jre6\bin\jqs.exe[956] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\Program Files\Java\jre6\bin\jqs.exe[956] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 01F22160 .text C:\Program Files\Java\jre6\bin\jqs.exe[956] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 01F220A0 .text C:\Program Files\Java\jre6\bin\jqs.exe[956] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 01F223A0 .text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00B56390 .text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00B56640 .text C:\WINDOWS\system32\svchost.exe[972] 
ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00B553D0 .text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00B55300 .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B511C0 .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 00B51290 .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 00B52570 .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 00B51000 .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 00B510A0 .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 00B52510 .text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\WINDOWS\system32\svchost.exe[972] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\svchost.exe[972] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00B51D10 .text C:\WINDOWS\system32\svchost.exe[972] WS2_32.dll!send 71A54C27 5 Bytes JMP 00B57250 .text C:\WINDOWS\system32\svchost.exe[972] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00B52160 .text C:\WINDOWS\system32\svchost.exe[972] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00B520A0 .text C:\WINDOWS\system32\svchost.exe[972] 
WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00B523A0 .text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00EA6390 .text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00EA6640 .text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00EA53D0 .text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00EA5300 .text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EA11C0 .text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 00EA1290 .text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 00EA2570 .text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 00EA1000 .text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 00EA10A0 .text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 00EA2510 .text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\WINDOWS\system32\svchost.exe[1056] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\svchost.exe[1056] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00EA1D10 .text 
C:\WINDOWS\system32\svchost.exe[1056] WS2_32.dll!send 71A54C27 5 Bytes JMP 00EA7250 .text C:\WINDOWS\system32\svchost.exe[1056] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00EA2160 .text C:\WINDOWS\system32\svchost.exe[1056] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00EA20A0 .text C:\WINDOWS\system32\svchost.exe[1056] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00EA23A0 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1132] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 006C6390 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1132] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 006C6640 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1132] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 006C53D0 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1132] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1132] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1132] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 006C5300 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1132] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006C11C0 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1132] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1132] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1132] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1132] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 006C1290 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1132] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 006C2570 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1132] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 006C1000 .text 
C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1132] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 006C10A0 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1132] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 006C2510 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1132] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1132] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1132] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1132] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 006C1D10 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1132] WS2_32.dll!send 71A54C27 5 Bytes JMP 006C7250 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1132] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 006C2160 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1132] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 006C20A0 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1132] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 006C23A0 .text C:\WINDOWS\System32\svchost.exe[1152] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 02FC6390 .text C:\WINDOWS\System32\svchost.exe[1152] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 02FC6640 .text C:\WINDOWS\System32\svchost.exe[1152] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 02FC53D0 .text C:\WINDOWS\System32\svchost.exe[1152] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1152] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\System32\svchost.exe[1152] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 02FC5300 .text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02FC11C0 .text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!LoadLibraryExW 
7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 02FC1290 .text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 02FC2570 .text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 02FC1000 .text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 02FC10A0 .text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 02FC2510 .text C:\WINDOWS\System32\svchost.exe[1152] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\WINDOWS\System32\svchost.exe[1152] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\WINDOWS\System32\svchost.exe[1152] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\WINDOWS\System32\svchost.exe[1152] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 02FC1D10 .text C:\WINDOWS\System32\svchost.exe[1152] WS2_32.dll!send 71A54C27 5 Bytes JMP 02FC7250 .text C:\WINDOWS\System32\svchost.exe[1152] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 02FC2160 .text C:\WINDOWS\System32\svchost.exe[1152] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 02FC20A0 .text C:\WINDOWS\System32\svchost.exe[1152] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 02FC23A0 .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00A36390 .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00A36640 .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00A353D0 .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtTerminateProcess 
+ 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A35300 .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A311C0 .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 00A31290 .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 00A32570 .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 00A31000 .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 00A310A0 .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 00A32510 .text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\WINDOWS\system32\svchost.exe[1188] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\svchost.exe[1188] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A31D10 .text C:\WINDOWS\system32\svchost.exe[1188] WS2_32.dll!send 71A54C27 5 Bytes JMP 00A37250 .text C:\WINDOWS\system32\svchost.exe[1188] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00A32160 .text C:\WINDOWS\system32\svchost.exe[1188] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00A320A0 .text C:\WINDOWS\system32\svchost.exe[1188] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00A323A0 .text C:\Program Files\Nero\Update\NASvc.exe[1196] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01096390 .text C:\Program Files\Nero\Update\NASvc.exe[1196] 
ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01096640 .text C:\Program Files\Nero\Update\NASvc.exe[1196] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 010953D0 .text C:\Program Files\Nero\Update\NASvc.exe[1196] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Nero\Update\NASvc.exe[1196] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Program Files\Nero\Update\NASvc.exe[1196] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01095300 .text C:\Program Files\Nero\Update\NASvc.exe[1196] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010911C0 .text C:\Program Files\Nero\Update\NASvc.exe[1196] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\Nero\Update\NASvc.exe[1196] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Nero\Update\NASvc.exe[1196] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Program Files\Nero\Update\NASvc.exe[1196] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 01091290 .text C:\Program Files\Nero\Update\NASvc.exe[1196] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 01092570 .text C:\Program Files\Nero\Update\NASvc.exe[1196] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 01091000 .text C:\Program Files\Nero\Update\NASvc.exe[1196] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 010910A0 .text C:\Program Files\Nero\Update\NASvc.exe[1196] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 01092510 .text C:\Program Files\Nero\Update\NASvc.exe[1196] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\Program Files\Nero\Update\NASvc.exe[1196] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\Program Files\Nero\Update\NASvc.exe[1196] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\Program Files\Nero\Update\NASvc.exe[1196] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01091D10 .text C:\Program Files\Nero\Update\NASvc.exe[1196] WS2_32.dll!send 71A54C27 5 Bytes JMP 01097250 .text C:\Program 
Files\Nero\Update\NASvc.exe[1196] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 01092160 .text C:\Program Files\Nero\Update\NASvc.exe[1196] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 010920A0 .text C:\Program Files\Nero\Update\NASvc.exe[1196] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 010923A0 .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 007E6390 .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 007E6640 .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 007E53D0 .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 007E5300 .text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007E11C0 .text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 007E1290 .text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 007E2570 .text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 007E1000 .text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 007E10A0 .text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 007E2510 .text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\WINDOWS\system32\svchost.exe[1288] 
USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\WINDOWS\system32\svchost.exe[1288] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\svchost.exe[1288] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 007E1D10 .text C:\WINDOWS\system32\svchost.exe[1288] WS2_32.dll!send 71A54C27 5 Bytes JMP 007E7250 .text C:\WINDOWS\system32\svchost.exe[1288] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 007E2160 .text C:\WINDOWS\system32\svchost.exe[1288] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 007E20A0 .text C:\WINDOWS\system32\svchost.exe[1288] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 007E23A0 .text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00BD6390 .text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00BD6640 .text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00BD53D0 .text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00BD5300 .text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BD11C0 .text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 00BD1290 .text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 00BD2570 .text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 00BD1000 .text 
C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 00BD10A0 .text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 00BD2510 .text C:\WINDOWS\system32\svchost.exe[1304] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\WINDOWS\system32\svchost.exe[1304] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\WINDOWS\system32\svchost.exe[1304] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00BD1D10 .text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!send 71A54C27 5 Bytes JMP 00BD7250 .text C:\WINDOWS\system32\svchost.exe[1304] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00BD2160 .text C:\WINDOWS\system32\svchost.exe[1304] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00BD20A0 .text C:\WINDOWS\system32\svchost.exe[1304] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00BD23A0 .text C:\WINDOWS\System32\svchost.exe[1356] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00736390 .text C:\WINDOWS\System32\svchost.exe[1356] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00736640 .text C:\WINDOWS\System32\svchost.exe[1356] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 007353D0 .text C:\WINDOWS\System32\svchost.exe[1356] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1356] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\System32\svchost.exe[1356] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00735300 .text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007311C0 .text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreateProcessA 7C80236B 6 
Bytes JMP 5F040F5A .text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 00731290 .text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 00732570 .text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 00731000 .text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 007310A0 .text C:\WINDOWS\System32\svchost.exe[1356] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 00732510 .text C:\WINDOWS\System32\svchost.exe[1356] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\WINDOWS\System32\svchost.exe[1356] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\WINDOWS\System32\svchost.exe[1356] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\WINDOWS\System32\svchost.exe[1356] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00731D10 .text C:\WINDOWS\System32\svchost.exe[1356] WS2_32.dll!send 71A54C27 5 Bytes JMP 00737250 .text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00732160 .text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 007320A0 .text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 007323A0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 50, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00946390 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 53, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] 
ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 50, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 51, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91686A .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 52, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 51, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 52, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9168DB .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 50, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] 
ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00946640 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B916A09 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009453D0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 51, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 52, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 53, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00945300 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[1400] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00941D10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] WS2_32.dll!send 71A54C27 5 Bytes JMP 00947250 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00942160 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 009420A0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1400] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 009423A0 .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00A86390 .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00A86640 .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00A853D0 .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A85300 .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A811C0 .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateProcessW 7C802336 6 Bytes 
JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 00A81290 .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 00A82570 .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 00A81000 .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 00A810A0 .text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 00A82510 .text C:\WINDOWS\system32\svchost.exe[1408] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\WINDOWS\system32\svchost.exe[1408] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\WINDOWS\system32\svchost.exe[1408] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A81D10 .text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!send 71A54C27 5 Bytes JMP 00A87250 .text C:\WINDOWS\system32\svchost.exe[1408] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00A82160 .text C:\WINDOWS\system32\svchost.exe[1408] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00A820A0 .text C:\WINDOWS\system32\svchost.exe[1408] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00A823A0 .text C:\WINDOWS\system32\spoolsv.exe[1504] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00F56390 .text C:\WINDOWS\system32\spoolsv.exe[1504] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00F56640 .text C:\WINDOWS\system32\spoolsv.exe[1504] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00F553D0 .text C:\WINDOWS\system32\spoolsv.exe[1504] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1504] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\spoolsv.exe[1504] ntdll.dll!LdrLoadDll 
7C91632D 5 Bytes JMP 00F55300 .text C:\WINDOWS\system32\spoolsv.exe[1504] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F511C0 .text C:\WINDOWS\system32\spoolsv.exe[1504] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\spoolsv.exe[1504] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\spoolsv.exe[1504] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\spoolsv.exe[1504] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 00F51290 .text C:\WINDOWS\system32\spoolsv.exe[1504] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 00F52570 .text C:\WINDOWS\system32\spoolsv.exe[1504] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 00F51000 .text C:\WINDOWS\system32\spoolsv.exe[1504] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 00F510A0 .text C:\WINDOWS\system32\spoolsv.exe[1504] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 00F52510 .text C:\WINDOWS\system32\spoolsv.exe[1504] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\spoolsv.exe[1504] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\WINDOWS\system32\spoolsv.exe[1504] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\WINDOWS\system32\spoolsv.exe[1504] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00F51D10 .text C:\WINDOWS\system32\spoolsv.exe[1504] WS2_32.dll!send 71A54C27 5 Bytes JMP 00F57250 .text C:\WINDOWS\system32\spoolsv.exe[1504] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00F52160 .text C:\WINDOWS\system32\spoolsv.exe[1504] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00F520A0 .text C:\WINDOWS\system32\spoolsv.exe[1504] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00F523A0 .text C:\WINDOWS\RTHDCPL.EXE[1932] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 04ED6390 .text C:\WINDOWS\RTHDCPL.EXE[1932] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 04ED6640 .text C:\WINDOWS\RTHDCPL.EXE[1932] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 04ED53D0 
.text C:\WINDOWS\RTHDCPL.EXE[1932] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\RTHDCPL.EXE[1932] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\RTHDCPL.EXE[1932] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 04ED5300 .text C:\WINDOWS\RTHDCPL.EXE[1932] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 04ED11C0 .text C:\WINDOWS\RTHDCPL.EXE[1932] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\RTHDCPL.EXE[1932] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\RTHDCPL.EXE[1932] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\RTHDCPL.EXE[1932] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 04ED1290 .text C:\WINDOWS\RTHDCPL.EXE[1932] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 04ED2570 .text C:\WINDOWS\RTHDCPL.EXE[1932] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 04ED1000 .text C:\WINDOWS\RTHDCPL.EXE[1932] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 04ED10A0 .text C:\WINDOWS\RTHDCPL.EXE[1932] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 04ED2510 .text C:\WINDOWS\RTHDCPL.EXE[1932] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\WINDOWS\RTHDCPL.EXE[1932] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\WINDOWS\RTHDCPL.EXE[1932] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\WINDOWS\RTHDCPL.EXE[1932] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 04ED1D10 .text C:\WINDOWS\RTHDCPL.EXE[1932] WS2_32.dll!send 71A54C27 5 Bytes JMP 04ED7250 .text C:\WINDOWS\RTHDCPL.EXE[1932] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 04ED2160 .text C:\WINDOWS\RTHDCPL.EXE[1932] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 04ED20A0 .text C:\WINDOWS\RTHDCPL.EXE[1932] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 04ED23A0 .text D:\Microsoft Office\Office12\GrooveMonitor.exe[1952] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C76390 .text D:\Microsoft 
Office\Office12\GrooveMonitor.exe[1952] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00C76640 .text D:\Microsoft Office\Office12\GrooveMonitor.exe[1952] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00C753D0 .text D:\Microsoft Office\Office12\GrooveMonitor.exe[1952] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text D:\Microsoft Office\Office12\GrooveMonitor.exe[1952] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text D:\Microsoft Office\Office12\GrooveMonitor.exe[1952] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00C75300 .text D:\Microsoft Office\Office12\GrooveMonitor.exe[1952] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C711C0 .text D:\Microsoft Office\Office12\GrooveMonitor.exe[1952] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text D:\Microsoft Office\Office12\GrooveMonitor.exe[1952] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text D:\Microsoft Office\Office12\GrooveMonitor.exe[1952] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text D:\Microsoft Office\Office12\GrooveMonitor.exe[1952] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 00C71290 .text D:\Microsoft Office\Office12\GrooveMonitor.exe[1952] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 00C72570 .text D:\Microsoft Office\Office12\GrooveMonitor.exe[1952] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 00C71000 .text D:\Microsoft Office\Office12\GrooveMonitor.exe[1952] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 00C710A0 .text D:\Microsoft Office\Office12\GrooveMonitor.exe[1952] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 00C72510 .text D:\Microsoft Office\Office12\GrooveMonitor.exe[1952] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text D:\Microsoft Office\Office12\GrooveMonitor.exe[1952] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text D:\Microsoft Office\Office12\GrooveMonitor.exe[1952] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text D:\Microsoft 
Office\Office12\GrooveMonitor.exe[1952] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00C72160 .text D:\Microsoft Office\Office12\GrooveMonitor.exe[1952] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00C720A0 .text D:\Microsoft Office\Office12\GrooveMonitor.exe[1952] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00C723A0 .text D:\Microsoft Office\Office12\GrooveMonitor.exe[1952] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00C71D10 .text D:\Microsoft Office\Office12\GrooveMonitor.exe[1952] WS2_32.dll!send 71A54C27 5 Bytes JMP 00C77250 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1976] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 017E6390 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1976] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 017E6640 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1976] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 017E53D0 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1976] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1976] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1976] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 017E5300 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1976] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 017E11C0 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1976] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1976] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1976] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1976] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 017E1290 .text C:\Program Files\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe[1976] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 017E2570 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1976] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 017E1000 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1976] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 017E10A0 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1976] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 017E2510 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1976] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1976] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1976] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1976] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 017E2160 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1976] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 017E20A0 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1976] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 017E23A0 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1976] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 017E1D10 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1976] WS2_32.dll!send 71A54C27 5 Bytes JMP 017E7250 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1992] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C26390 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1992] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00C26640 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1992] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00C253D0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1992] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program 
Files\Common Files\Java\Java Update\jusched.exe[1992] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1992] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00C25300 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1992] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C211C0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1992] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1992] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1992] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1992] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 00C21290 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1992] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 00C22570 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1992] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 00C21000 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1992] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 00C210A0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1992] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 00C22510 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1992] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1992] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1992] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1992] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00C22160 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1992] WININET.dll!HttpSendRequestA 
3FD1EEA1 5 Bytes JMP 00C220A0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1992] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00C223A0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1992] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00C21D10 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1992] WS2_32.dll!send 71A54C27 5 Bytes JMP 00C27250 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2040] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 009A6390 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2040] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 009A6640 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2040] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009A53D0 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2040] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2040] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2040] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 009A5300 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2040] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009A11C0 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2040] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2040] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2040] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2040] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 009A1290 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2040] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 009A2570 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2040] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 
009A1000 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2040] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 009A10A0 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2040] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 009A2510 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2040] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2040] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2040] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2040] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 009A1D10 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2040] WS2_32.dll!send 71A54C27 5 Bytes JMP 009A7250 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2040] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 009A2160 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2040] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 009A20A0 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2040] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 009A23A0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, E0, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00996390 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, E3, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, E0, 96, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, E1, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B916CFA .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, E2, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, E1, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, E2, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B916D6B .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, E0, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00996640 .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B916E99 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009953D0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, E1, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, E2, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, E3, 96, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00995300 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] kernel32.dll!FreeLibrary + 15 
7C80AC93 4 Bytes CALL 5F00003D .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00991D10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] WS2_32.dll!send 71A54C27 5 Bytes JMP 00997250 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00992160 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 009920A0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2240] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 009923A0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, EC, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C66390 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, EF, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, EC, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, ED, C3, 00] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B919A06 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, EE, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, ED, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, EE, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B919A77 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, EC, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00C66640 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B919BA5 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 
Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00C653D0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, ED, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, EE, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, EF, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00C65300 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] USER32.dll!SetWindowsHookExW 
7E37820F 6 Bytes JMP 5F180F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00C61D10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] WS2_32.dll!send 71A54C27 5 Bytes JMP 00C67250 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00C62160 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00C620A0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2652] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00C623A0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00165300 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] kernel32.dll!FreeLibrary + 15 7C80AC93 
4 Bytes CALL 5F00003D .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00162160 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 001620A0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2696] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 001623A0 .text D:\Quintessential Media Player\QMPlayer.exe[2764] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text D:\Quintessential Media Player\QMPlayer.exe[2764] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text D:\Quintessential Media Player\QMPlayer.exe[2764] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text D:\Quintessential Media Player\QMPlayer.exe[2764] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text D:\Quintessential Media Player\QMPlayer.exe[2764] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text D:\Quintessential Media Player\QMPlayer.exe[2764] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00165300 .text D:\Quintessential Media Player\QMPlayer.exe[2764] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text D:\Quintessential Media Player\QMPlayer.exe[2764] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text D:\Quintessential Media Player\QMPlayer.exe[2764] 
kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text D:\Quintessential Media Player\QMPlayer.exe[2764] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text D:\Quintessential Media Player\QMPlayer.exe[2764] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D .text D:\Quintessential Media Player\QMPlayer.exe[2764] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 00161290 .text D:\Quintessential Media Player\QMPlayer.exe[2764] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 00162570 .text D:\Quintessential Media Player\QMPlayer.exe[2764] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 00161000 .text D:\Quintessential Media Player\QMPlayer.exe[2764] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 001610A0 .text D:\Quintessential Media Player\QMPlayer.exe[2764] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 00162510 .text D:\Quintessential Media Player\QMPlayer.exe[2764] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text D:\Quintessential Media Player\QMPlayer.exe[2764] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text D:\Quintessential Media Player\QMPlayer.exe[2764] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text D:\Quintessential Media Player\QMPlayer.exe[2764] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text D:\Quintessential Media Player\QMPlayer.exe[2764] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250 .text D:\Quintessential Media Player\QMPlayer.exe[2764] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00162160 .text D:\Quintessential Media Player\QMPlayer.exe[2764] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 001620A0 .text D:\Quintessential Media Player\QMPlayer.exe[2764] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 001623A0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 60, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00636390 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 63, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 60, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 61, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91367A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 62, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 61, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 62, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9136EB .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 60, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00636640 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B913819 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 006353D0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 61, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 62, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 63, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] 
ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00635300 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00631D10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] WS2_32.dll!send 71A54C27 5 Bytes JMP 00637250 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00632160 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 006320A0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2972] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 006323A0 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3144] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3144] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3144] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3144] ntdll.dll!NtTerminateProcess 7C90DE6E 3 
Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3144] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3144] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00165300 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3144] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3144] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3144] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3144] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3144] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3144] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 00161290 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3144] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 00162570 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3144] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 00161000 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3144] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 001610A0 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3144] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 00162510 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3144] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3144] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3144] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3144] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Program Files\HP\Digital 
Imaging\bin\hpqSTE08.exe[3144] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3144] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00162160 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3144] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 001620A0 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3144] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 001623A0 .text E:\Downloads\OTL.exe[3256] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text E:\Downloads\OTL.exe[3256] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text E:\Downloads\OTL.exe[3256] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text E:\Downloads\OTL.exe[3256] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text E:\Downloads\OTL.exe[3256] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text E:\Downloads\OTL.exe[3256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00165300 .text E:\Downloads\OTL.exe[3256] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text E:\Downloads\OTL.exe[3256] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text E:\Downloads\OTL.exe[3256] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text E:\Downloads\OTL.exe[3256] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text E:\Downloads\OTL.exe[3256] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D .text E:\Downloads\OTL.exe[3256] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 00161290 .text E:\Downloads\OTL.exe[3256] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 00162570 .text E:\Downloads\OTL.exe[3256] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 00161000 .text E:\Downloads\OTL.exe[3256] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 001610A0 .text E:\Downloads\OTL.exe[3256] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 00162510 .text E:\Downloads\OTL.exe[3256] user32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text 
E:\Downloads\OTL.exe[3256] user32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text E:\Downloads\OTL.exe[3256] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text E:\Downloads\OTL.exe[3256] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text E:\Downloads\OTL.exe[3256] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250 .text E:\Downloads\OTL.exe[3256] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00162160 .text E:\Downloads\OTL.exe[3256] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 001620A0 .text E:\Downloads\OTL.exe[3256] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 001623A0 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3284] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3284] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3284] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3284] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3284] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3284] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00165300 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3284] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3284] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3284] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3284] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3284] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D .text C:\Program 
Files\HP\Digital Imaging\bin\hpqbam08.exe[3284] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 00161290 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3284] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 00162570 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3284] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 00161000 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3284] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 001610A0 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3284] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 00162510 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3284] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3284] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3284] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3284] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3284] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3284] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00162160 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3284] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 001620A0 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3284] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 001623A0 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3324] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3324] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3324] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3324] 
ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3324] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3324] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00165300 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3324] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3324] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3324] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3324] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3324] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3324] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 00161290 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3324] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 00162570 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3324] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 00161000 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3324] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 001610A0 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3324] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 00162510 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3324] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3324] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3324] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3324] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 
00161D10 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3324] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3324] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00162160 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3324] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 001620A0 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3324] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 001623A0 .text C:\WINDOWS\system32\svchost.exe[3400] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000A6390 .text C:\WINDOWS\system32\svchost.exe[3400] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 000A6640 .text C:\WINDOWS\system32\svchost.exe[3400] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000A53D0 .text C:\WINDOWS\system32\svchost.exe[3400] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[3400] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\svchost.exe[3400] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A5300 .text C:\WINDOWS\system32\svchost.exe[3400] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000A11C0 .text C:\WINDOWS\system32\svchost.exe[3400] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[3400] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[3400] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[3400] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D .text C:\WINDOWS\system32\svchost.exe[3400] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 000A1290 .text C:\WINDOWS\system32\svchost.exe[3400] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 000A2570 .text C:\WINDOWS\system32\svchost.exe[3400] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 000A1000 .text C:\WINDOWS\system32\svchost.exe[3400] kernel32.dll!CopyFileW 7C830F97 
5 Bytes JMP 000A10A0 .text C:\WINDOWS\system32\svchost.exe[3400] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 000A2510 .text C:\WINDOWS\system32\svchost.exe[3400] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\WINDOWS\system32\svchost.exe[3400] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\WINDOWS\system32\svchost.exe[3400] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\svchost.exe[3400] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\system32\svchost.exe[3400] WS2_32.dll!send 71A54C27 5 Bytes JMP 000A7250 .text C:\WINDOWS\system32\svchost.exe[3400] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 000A2160 .text C:\WINDOWS\system32\svchost.exe[3400] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 000A20A0 .text C:\WINDOWS\system32\svchost.exe[3400] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 000A23A0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3776] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000A6390 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3776] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 000A6640 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3776] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000A53D0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3776] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3776] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3776] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A5300 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3776] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000A11C0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3776] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3776] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3776] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 
5F040F5A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3776] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3776] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 000A1290 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3776] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 000A2570 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3776] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 000A1000 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3776] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 000A10A0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3776] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 000A2510 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3776] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3776] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3776] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3776] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3776] WS2_32.dll!send 71A54C27 5 Bytes JMP 000A7250 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3776] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 000A2160 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3776] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 000A20A0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3776] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 000A23A0 .text C:\WINDOWS\System32\alg.exe[3968] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000A6390 .text C:\WINDOWS\System32\alg.exe[3968] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 000A6640 .text C:\WINDOWS\System32\alg.exe[3968] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000A53D0 .text C:\WINDOWS\System32\alg.exe[3968] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[3968] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text 
C:\WINDOWS\System32\alg.exe[3968] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A5300 .text C:\WINDOWS\System32\alg.exe[3968] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000A11C0 .text C:\WINDOWS\System32\alg.exe[3968] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\alg.exe[3968] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\System32\alg.exe[3968] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\System32\alg.exe[3968] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D .text C:\WINDOWS\System32\alg.exe[3968] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 000A1290 .text C:\WINDOWS\System32\alg.exe[3968] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 000A2570 .text C:\WINDOWS\System32\alg.exe[3968] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 000A1000 .text C:\WINDOWS\System32\alg.exe[3968] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 000A10A0 .text C:\WINDOWS\System32\alg.exe[3968] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 000A2510 .text C:\WINDOWS\System32\alg.exe[3968] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\WINDOWS\System32\alg.exe[3968] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\WINDOWS\System32\alg.exe[3968] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\WINDOWS\System32\alg.exe[3968] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\System32\alg.exe[3968] WS2_32.dll!send 71A54C27 5 Bytes JMP 000A7250 .text C:\WINDOWS\System32\alg.exe[3968] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 000A2160 .text C:\WINDOWS\System32\alg.exe[3968] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 000A20A0 .text C:\WINDOWS\System32\alg.exe[3968] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 000A23A0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, DC, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] 
ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00956390 .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, DF, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, DC, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, DD, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9168F6 .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, DE, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, DD, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, DE, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] 
ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B916967 .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, DC, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00956640 .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B916A95 .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009553D0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, DD, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, DE, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, DF, 92, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!NtUnmapViewOfSection + B 
7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00955300 .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00951D10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] WS2_32.dll!send 71A54C27 5 Bytes JMP 00957250 .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00952160 .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 009520A0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[18728] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 009523A0 .text C:\WINDOWS\explorer.exe[20708] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000A6390 .text C:\WINDOWS\explorer.exe[20708] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 000A6640 .text C:\WINDOWS\explorer.exe[20708] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000A53D0 .text C:\WINDOWS\explorer.exe[20708] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 
1E] .text C:\WINDOWS\explorer.exe[20708] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\explorer.exe[20708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A5300 .text C:\WINDOWS\explorer.exe[20708] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000A11C0 .text C:\WINDOWS\explorer.exe[20708] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\WINDOWS\explorer.exe[20708] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\explorer.exe[20708] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\WINDOWS\explorer.exe[20708] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D .text C:\WINDOWS\explorer.exe[20708] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 000A1290 .text C:\WINDOWS\explorer.exe[20708] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 000A2570 .text C:\WINDOWS\explorer.exe[20708] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 000A1000 .text C:\WINDOWS\explorer.exe[20708] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 000A10A0 .text C:\WINDOWS\explorer.exe[20708] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 000A2510 .text C:\WINDOWS\explorer.exe[20708] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\WINDOWS\explorer.exe[20708] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\WINDOWS\explorer.exe[20708] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\WINDOWS\explorer.exe[20708] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 000A2160 .text C:\WINDOWS\explorer.exe[20708] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 000A20A0 .text C:\WINDOWS\explorer.exe[20708] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 000A23A0 .text C:\WINDOWS\explorer.exe[20708] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\explorer.exe[20708] WS2_32.dll!send 71A54C27 5 Bytes JMP 000A7250 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 08, DF, 
00] {SUB [EAX], CL; FILD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00E26390 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 0B, DF, 00] {SUB [EBX], CL; FILD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 08, DF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 09, DF, 00] {TEST AL, 0x9; FILD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91B522 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 0A, DF, 00] {TEST AL, 0xa; FILD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 09, DF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 0A, DF, 
00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91B593 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 08, DF, 00] {TEST AL, 0x8; FILD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00E26640 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91B6C1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00E253D0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 09, DF, 00] {SUB [ECX], CL; FILD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 0A, DF, 00] {SUB [EDX], CL; FILD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtTerminateProcess + 
4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 0B, DF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00E25300 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00E21D10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] WS2_32.dll!send 71A54C27 5 Bytes JMP 00E27250 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00E22160 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00E220A0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21400] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00E223A0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtCreateFile + 6 
7C90D0B4 4 Bytes [28, BC, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 009B6390 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, BF, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, BC, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, BD, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B916ED6 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, BE, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, BD, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, BE, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtOpenThreadToken + 
B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B916F47 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, BC, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 009B6640 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B917075 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009B53D0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, BD, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, BE, 98, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, BF, 98, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 009B5300 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 009B1D10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] WS2_32.dll!send 71A54C27 5 Bytes JMP 009B7250 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 009B2160 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 009B20A0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21716] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 009B23A0 .text D:\Mozilla Firefox\plugin-container.exe[21776] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text D:\Mozilla Firefox\plugin-container.exe[21776] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text D:\Mozilla Firefox\plugin-container.exe[21776] 
ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text D:\Mozilla Firefox\plugin-container.exe[21776] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text D:\Mozilla Firefox\plugin-container.exe[21776] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text D:\Mozilla Firefox\plugin-container.exe[21776] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00165300 .text D:\Mozilla Firefox\plugin-container.exe[21776] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text D:\Mozilla Firefox\plugin-container.exe[21776] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text D:\Mozilla Firefox\plugin-container.exe[21776] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text D:\Mozilla Firefox\plugin-container.exe[21776] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text D:\Mozilla Firefox\plugin-container.exe[21776] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D .text D:\Mozilla Firefox\plugin-container.exe[21776] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 00161290 .text D:\Mozilla Firefox\plugin-container.exe[21776] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 00162570 .text D:\Mozilla Firefox\plugin-container.exe[21776] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 00161000 .text D:\Mozilla Firefox\plugin-container.exe[21776] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 001610A0 .text D:\Mozilla Firefox\plugin-container.exe[21776] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 00162510 .text D:\Mozilla Firefox\plugin-container.exe[21776] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text D:\Mozilla Firefox\plugin-container.exe[21776] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250 .text D:\Mozilla Firefox\plugin-container.exe[21776] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text D:\Mozilla Firefox\plugin-container.exe[21776] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text D:\Mozilla Firefox\plugin-container.exe[21776] USER32.dll!SetWindowsHookExA 7E381211 6 
Bytes JMP 5F140F5A .text D:\Mozilla Firefox\plugin-container.exe[21776] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00162160 .text D:\Mozilla Firefox\plugin-container.exe[21776] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 001620A0 .text D:\Mozilla Firefox\plugin-container.exe[21776] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 001623A0 .text D:\Mozilla Firefox\plugin-container.exe[21820] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text D:\Mozilla Firefox\plugin-container.exe[21820] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text D:\Mozilla Firefox\plugin-container.exe[21820] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text D:\Mozilla Firefox\plugin-container.exe[21820] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text D:\Mozilla Firefox\plugin-container.exe[21820] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text D:\Mozilla Firefox\plugin-container.exe[21820] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00165300 .text D:\Mozilla Firefox\plugin-container.exe[21820] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text D:\Mozilla Firefox\plugin-container.exe[21820] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text D:\Mozilla Firefox\plugin-container.exe[21820] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text D:\Mozilla Firefox\plugin-container.exe[21820] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text D:\Mozilla Firefox\plugin-container.exe[21820] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D .text D:\Mozilla Firefox\plugin-container.exe[21820] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 00161290 .text D:\Mozilla Firefox\plugin-container.exe[21820] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 00162570 .text D:\Mozilla Firefox\plugin-container.exe[21820] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 00161000 .text D:\Mozilla Firefox\plugin-container.exe[21820] kernel32.dll!CopyFileW 7C830F97 5 
Bytes JMP 001610A0 .text D:\Mozilla Firefox\plugin-container.exe[21820] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 00162510 .text D:\Mozilla Firefox\plugin-container.exe[21820] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text D:\Mozilla Firefox\plugin-container.exe[21820] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250 .text D:\Mozilla Firefox\plugin-container.exe[21820] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text D:\Mozilla Firefox\plugin-container.exe[21820] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text D:\Mozilla Firefox\plugin-container.exe[21820] USER32.dll!DefWindowProcA + 11A 7E37C298 7 Bytes JMP 1082FE5B D:\Mozilla Firefox\xul.dll (Mozilla Foundation) .text D:\Mozilla Firefox\plugin-container.exe[21820] USER32.dll!SetWindowLongA + 19 7E37C2B6 7 Bytes JMP 1082FDEA D:\Mozilla Firefox\xul.dll (Mozilla Foundation) .text D:\Mozilla Firefox\plugin-container.exe[21820] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 1045E982 D:\Mozilla Firefox\xul.dll (Mozilla Foundation) .text D:\Mozilla Firefox\plugin-container.exe[21820] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text D:\Mozilla Firefox\plugin-container.exe[21820] USER32.dll!GetMenuContextHelpId + 1A 7E3B5319 7 Bytes JMP 1045EE7F D:\Mozilla Firefox\xul.dll (Mozilla Foundation) .text D:\Mozilla Firefox\plugin-container.exe[21820] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00162160 .text D:\Mozilla Firefox\plugin-container.exe[21820] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 001620A0 .text D:\Mozilla Firefox\plugin-container.exe[21820] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 001623A0 .text D:\Mozilla Firefox\firefox.exe[21952] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text D:\Mozilla Firefox\firefox.exe[21952] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text D:\Mozilla Firefox\firefox.exe[21952] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text D:\Mozilla Firefox\firefox.exe[21952] 
ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text D:\Mozilla Firefox\firefox.exe[21952] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text D:\Mozilla Firefox\firefox.exe[21952] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01C7D180 D:\Mozilla Firefox\xul.dll (Mozilla Foundation) .text D:\Mozilla Firefox\firefox.exe[21952] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text D:\Mozilla Firefox\firefox.exe[21952] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text D:\Mozilla Firefox\firefox.exe[21952] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text D:\Mozilla Firefox\firefox.exe[21952] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01FC6B9C D:\Mozilla Firefox\xul.dll (Mozilla Foundation) .text D:\Mozilla Firefox\firefox.exe[21952] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D .text D:\Mozilla Firefox\firefox.exe[21952] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01FC6B79 D:\Mozilla Firefox\xul.dll (Mozilla Foundation) .text D:\Mozilla Firefox\firefox.exe[21952] kernel32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 01C8F84B D:\Mozilla Firefox\xul.dll (Mozilla Foundation) .text D:\Mozilla Firefox\firefox.exe[21952] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text D:\Mozilla Firefox\firefox.exe[21952] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text D:\Mozilla Firefox\firefox.exe[21952] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01FC6AFA D:\Mozilla Firefox\xul.dll (Mozilla Foundation) .text D:\Mozilla Firefox\firefox.exe[21952] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text D:\Mozilla Firefox\firefox.exe[21952] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text D:\Mozilla Firefox\firefox.exe[21952] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250 .text D:\Mozilla Firefox\firefox.exe[21952] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00162160 .text D:\Mozilla Firefox\firefox.exe[21952] 
WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 001620A0 .text D:\Mozilla Firefox\firefox.exe[21952] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 001623A0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtCreateFile + 6 7C90D0B4 2 Bytes [28, A0] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtCreateFile + 9 7C90D0B7 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtCreateFile + 9 7C90D0B7 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01016390 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtMapViewOfSection + 6 7C90D524 2 Bytes [28, A3] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtMapViewOfSection + 9 7C90D527 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtMapViewOfSection + 9 7C90D527 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtOpenFile + 6 7C90D5A4 2 Bytes [68, A0] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtOpenFile + 9 7C90D5A7 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtOpenFile + 9 7C90D5A7 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtOpenProcess + 6 7C90D604 2 Bytes [A8, A1] {TEST AL, 0xa1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtOpenProcess + 9 7C90D607 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtOpenProcess + 9 7C90D607 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtOpenProcessToken + 6 7C90D614 2 Bytes CALL 7B91D4BA .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtOpenProcessToken + 9 7C90D617 1 
Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtOpenProcessToken + 9 7C90D617 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 2 Bytes [A8, A2] {TEST AL, 0xa2} .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtOpenProcessTokenEx + 9 7C90D627 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtOpenProcessTokenEx + 9 7C90D627 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtOpenThread + 6 7C90D664 2 Bytes [68, A1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtOpenThread + 9 7C90D667 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtOpenThread + 9 7C90D667 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtOpenThreadToken + 6 7C90D674 2 Bytes [68, A2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtOpenThreadToken + 9 7C90D677 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtOpenThreadToken + 9 7C90D677 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 2 Bytes CALL 7B91D52B .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtOpenThreadTokenEx + 9 7C90D687 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtOpenThreadTokenEx + 9 7C90D687 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 2 Bytes [A8, A0] {TEST AL, 0xa0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtQueryAttributesFile + 9 7C90D717 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] 
ntdll.dll!NtQueryAttributesFile + 9 7C90D717 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01016640 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 2 Bytes CALL 7B91D659 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtQueryFullAttributesFile + 9 7C90D7B7 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtQueryFullAttributesFile + 9 7C90D7B7 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 010153D0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtSetInformationFile + 6 7C90DC64 2 Bytes [28, A1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtSetInformationFile + 9 7C90DC67 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtSetInformationFile + 9 7C90DC67 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 2 Bytes [28, A2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtSetInformationThread + 9 7C90DCB7 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtSetInformationThread + 9 7C90DCB7 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 2 Bytes [68, A3] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtUnmapViewOfSection + 9 
7C90DF17 1 Byte [00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!NtUnmapViewOfSection + 9 7C90DF17 3 Bytes [00, FF, E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01015300 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01011D10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] WS2_32.dll!send 71A54C27 5 Bytes JMP 01017250 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 01012160 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 010120A0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[21976] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 010123A0 .text E:\Downloads\ts7jmieu.exe[22228] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text E:\Downloads\ts7jmieu.exe[22228] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text E:\Downloads\ts7jmieu.exe[22228] 
ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text E:\Downloads\ts7jmieu.exe[22228] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text E:\Downloads\ts7jmieu.exe[22228] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text E:\Downloads\ts7jmieu.exe[22228] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00165300 .text E:\Downloads\ts7jmieu.exe[22228] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text E:\Downloads\ts7jmieu.exe[22228] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text E:\Downloads\ts7jmieu.exe[22228] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text E:\Downloads\ts7jmieu.exe[22228] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text E:\Downloads\ts7jmieu.exe[22228] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D .text E:\Downloads\ts7jmieu.exe[22228] kernel32.dll!CreateFileW 7C810CD9 5 Bytes JMP 00161290 .text E:\Downloads\ts7jmieu.exe[22228] kernel32.dll!MoveFileW 7C822989 5 Bytes JMP 00162570 .text E:\Downloads\ts7jmieu.exe[22228] kernel32.dll!CopyFileA 7C829E16 5 Bytes JMP 00161000 .text E:\Downloads\ts7jmieu.exe[22228] kernel32.dll!CopyFileW 7C830F97 5 Bytes JMP 001610A0 .text E:\Downloads\ts7jmieu.exe[22228] kernel32.dll!MoveFileA 7C835E97 5 Bytes JMP 00162510 .text E:\Downloads\ts7jmieu.exe[22228] user32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text E:\Downloads\ts7jmieu.exe[22228] user32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text E:\Downloads\ts7jmieu.exe[22228] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text E:\Downloads\ts7jmieu.exe[22228] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text E:\Downloads\ts7jmieu.exe[22228] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250 .text E:\Downloads\ts7jmieu.exe[22228] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00162160 .text E:\Downloads\ts7jmieu.exe[22228] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 001620A0 .text 
E:\Downloads\ts7jmieu.exe[22228] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 001623A0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 78, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00B76390 .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 7B, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 78, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 79, B4, 00] {TEST AL, 0x79; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B918A92 .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 7A, B4, 00] {TEST AL, 0x7a; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 79, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtOpenThread + B 
7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 7A, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B918B03 .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 78, B4, 00] {TEST AL, 0x78; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00B76640 .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B918C31 .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00B753D0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 79, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 7A, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 7B, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00B75300 .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F100F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F180F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F140F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00B71D10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] WS2_32.dll!send 71A54C27 5 Bytes JMP 00B77250 .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00B72160 .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00B720A0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[22332] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00B723A0 ---- Kernel 
IAT/EAT - GMER 2.1 ---- IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B9E67232] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B9E66730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B9E66F12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9E7AEB0] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ---- User IAT/EAT - GMER 2.1 ---- IAT D:\Spyware Doctor\swdoctor.exe[252] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] [00425C38] D:\Spyware Doctor\swdoctor.exe (Spyware Doctor/PC Tools Research Pty Ltd) IAT D:\Spyware Doctor\swdoctor.exe[252] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [00425C38] D:\Spyware Doctor\swdoctor.exe (Spyware Doctor/PC Tools Research Pty Ltd) IAT D:\Spyware Doctor\swdoctor.exe[252] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [00425C38] D:\Spyware Doctor\swdoctor.exe (Spyware Doctor/PC Tools Research Pty Ltd) IAT D:\Spyware Doctor\swdoctor.exe[252] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [00425C38] D:\Spyware Doctor\swdoctor.exe (Spyware Doctor/PC Tools Research Pty Ltd) IAT D:\Spyware Doctor\swdoctor.exe[252] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [00425C38] D:\Spyware Doctor\swdoctor.exe (Spyware Doctor/PC Tools Research Pty Ltd) IAT D:\Spyware Doctor\swdoctor.exe[252] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] [00425C38] D:\Spyware Doctor\swdoctor.exe (Spyware Doctor/PC Tools Research Pty Ltd) IAT D:\Spyware Doctor\swdoctor.exe[252] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [00425C38] D:\Spyware Doctor\swdoctor.exe (Spyware Doctor/PC Tools Research Pty Ltd) IAT D:\Spyware Doctor\swdoctor.exe[252] @ C:\WINDOWS\system32\ws2_32.dll 
[KERNEL32.dll!CreateThread] [00425C38] D:\Spyware Doctor\swdoctor.exe (Spyware Doctor/PC Tools Research Pty Ltd) IAT D:\Spyware Doctor\swdoctor.exe[252] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [00425C38] D:\Spyware Doctor\swdoctor.exe (Spyware Doctor/PC Tools Research Pty Ltd) IAT D:\Spyware Doctor\swdoctor.exe[252] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] [00425C38] D:\Spyware Doctor\swdoctor.exe (Spyware Doctor/PC Tools Research Pty Ltd) IAT D:\Spyware Doctor\sdhelp.exe[556] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!CreateThread] [0042B398] D:\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd) IAT D:\Spyware Doctor\sdhelp.exe[556] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!CreateThread] [0042B398] D:\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd) IAT D:\Spyware Doctor\sdhelp.exe[556] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [0042B398] D:\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd) IAT D:\Spyware Doctor\sdhelp.exe[556] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [0042B398] D:\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd) IAT D:\Spyware Doctor\sdhelp.exe[556] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [0042B398] D:\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd) IAT D:\Spyware Doctor\sdhelp.exe[556] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateThread] [0042B398] D:\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd) IAT D:\Spyware Doctor\sdhelp.exe[556] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0042B398] D:\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd) IAT D:\Spyware Doctor\sdhelp.exe[556] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [0042B398] D:\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd) IAT D:\Spyware Doctor\sdhelp.exe[556] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [0042B398] D:\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd) IAT 
C:\Program Files\Google\Chrome\Application\chrome.exe[836] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00E50010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[1400] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00AE0010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2240] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00B30010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2652] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00E00010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2972] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 007D0010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[18728] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00AF0010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[21400] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00FC0010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[21716] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00B50010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[21976] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 011B0010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[22332] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00D10010 ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 8A5451E8 AttachedDevice \FileSystem\Ntfs \Ntfs ikhfile.sys (PCTools Research Pty Ltd.) Device \FileSystem\Fastfat \FatCdrom 8A068430 Device \Driver\usbuhci \Device\USBPDO-0 8A2DB1E8 Device \Driver\usbuhci \Device\USBPDO-1 8A2DB1E8 Device \Driver\usbuhci \Device\USBPDO-2 8A2DB1E8 Device \Driver\usbuhci \Device\USBPDO-3 8A2DB1E8 Device \Driver\PCI_PNP6574 \Device\00000047 sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) 
Device \Driver\usbehci \Device\USBPDO-4 8A2C41E8 Device \Driver\USBSTOR \Device\00000070 8A044430 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 NBVolUp.sys (Nero Backup Volume Upper Filter Driver for the Disk Stack/Nero AG) Device \Driver\USBSTOR \Device\00000071 8A044430 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 NBVolUp.sys (Nero Backup Volume Upper Filter Driver for the Disk Stack/Nero AG) Device \Driver\USBSTOR \Device\00000072 8A044430 Device \Driver\Cdrom \Device\CdRom0 8A060970 Device \FileSystem\Rdbss \Device\FsWrap 8A4C5198 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 NBVolUp.sys (Nero Backup Volume Upper Filter Driver for the Disk Stack/Nero AG) Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A0D8A68 Device \Driver\atapi \Device\Ide\IdePort0 8A0D8A68 Device \Driver\atapi \Device\Ide\IdePort1 8A0D8A68 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 8A0D8A68 Device \Driver\USBSTOR \Device\00000073 8A044430 Device \Driver\Cdrom \Device\CdRom1 8A060970 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 NBVol.sys (Nero Backup Volume Filter Driver for the 
Disk Stack/Nero AG) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 NBVolUp.sys (Nero Backup Volume Upper Filter Driver for the Disk Stack/Nero AG) Device \Driver\Cdrom \Device\CdRom2 8A060970 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 NBVolUp.sys (Nero Backup Volume Upper Filter Driver for the Disk Stack/Nero AG) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 NBVolUp.sys (Nero Backup Volume Upper Filter Driver for the Disk Stack/Nero AG) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume7 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume7 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume7 NBVolUp.sys (Nero Backup Volume Upper Filter Driver for the Disk Stack/Nero AG) Device \Driver\NetBT \Device\NetBt_Wins_Export 8A07D430 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume8 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume8 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume8 NBVolUp.sys (Nero Backup Volume Upper Filter Driver for the Disk Stack/Nero AG) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume9 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume9 NBVol.sys (Nero 
Backup Volume Filter Driver for the Disk Stack/Nero AG) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume9 NBVolUp.sys (Nero Backup Volume Upper Filter Driver for the Disk Stack/Nero AG) Device \Driver\NetBT \Device\NetbiosSmb 8A07D430 Device \FileSystem\Srv \Device\LanmanServer 89535248 Device \Driver\usbuhci \Device\USBFDO-0 8A2DB1E8 Device \Driver\usbuhci \Device\USBFDO-1 8A2DB1E8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A06B430 Device \Driver\usbuhci \Device\USBFDO-2 8A2DB1E8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A06B430 Device \Driver\usbuhci \Device\USBFDO-3 8A2DB1E8 Device \FileSystem\Npfs \Device\NamedPipe 8A388630 Device \Driver\usbehci \Device\USBFDO-4 8A2C41E8 Device \FileSystem\Msfs \Device\Mailslot 8A4D5708 Device \Driver\NetBT \Device\NetBT_Tcpip_{6271C5F3-3681-4907-BF00-7A7A8BE6C440} 8A07D430 Device \Driver\afi51akp \Device\Scsi\afi51akp1 8A08F008 Device \Driver\a347scsi \Device\Scsi\a347scsi1 8A07D008 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 8A07D008 Device \Driver\afi51akp \Device\Scsi\afi51akp1Port3Path0Target0Lun0 8A08F008 Device \FileSystem\Fastfat \Fat 8A068430 AttachedDevice \FileSystem\Fastfat \Fat ikhfile.sys (PCTools Research Pty Ltd.) 
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 8A2B8888 Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 8A2B8888 Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 8A2B8888 Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 8A2B8888 Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 8A2B8888 Device \FileSystem\Cdfs \Cdfs 8A081430 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a0d8a68]<< 8a0d8a68 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4d4030] 8a4d4030 Trace 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000067[0x8a4d7f18] 8a4d7f18 Trace 5 ACPI.sys[b9e3b620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a4d6940] 8a4d6940 Trace \Driver\atapi[0x8a519200] -> IRP_MJ_CREATE -> 0x8a0d8a68 8a0d8a68 ---- Modules - GMER 2.1 ---- Module _________ (FILE NOT FOUND) B9DED000-B9E05000 (98304 bytes) ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x65 0x05 0x6B 0x56 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x59 0x4A 0x2A 0x95 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8D 0x92 0xD9 0x8D ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x65 0x05 0x6B 0x56 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x59 0x4A 0x2A 0x95 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8D 0x92 0xD9 0x8D ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}@DisplayName Alcohol 120% Reg HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6@ProductName Alcohol 120% Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\Bia\Dane aplikacji\Qmrcrs.exe On-Demand Scanner Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@%SystemRoot%\system32\xpsp1res.dll,-10078 Wybiera programy domyślne dla pewnych czynności, takich jak przeglądanie sieci Web lub wysyłanie poczty e-mail i określa, które programy są dostępne w menu Start, na pulpicie i w innych lokalizacjach.
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\ComboFix\WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe Samorozpakowujący się plik typu .cab Win32 ---- EOF - GMER 2.1 ----