GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-08-30 06:21:16 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PBBO 149,05GB Running: wnr81mbz.exe; Driver: C:\DOCUME~1\Tomek\USTAWI~1\Temp\uwrcruob.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x9981459C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x998C8388] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x9981502E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0x99858316] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x998207F2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9982083E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x998209D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0x99857CCA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x99820760] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x99820882] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x998207A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x9981552C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x99820992] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x99815DE4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x99814602] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0x998589DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0x99858C92] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x998195C2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0x99858847] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0x998586B2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x998C8450] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x998141EA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x99814668] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9981998C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x99816874] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9982081C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x99820860] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x998209FC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0x99858026] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x99820786] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x99818EA8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x99820910] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x998207D0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x9981929A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x998209B6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x998C85B0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0x9985852D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x99816740] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0x9985837F] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0x99816296] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0x998D54DA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0x99857310] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x998146CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x99814734] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x99815C5E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x99814284] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x9981445A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0x99858AE3] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x998143E8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x99815FAE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x99816110] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x998144E2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0x99815A9C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x99815C3E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x998C69E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x9981479A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0x9981508A] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x998E1BA0] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2E0C 805046F4 4 Bytes JMP 8E998141 .text ntkrnlpa.exe!ZwCallbackReturn + 2FD4 805048BC 12 Bytes [CE, 46, 81, 99, 34, 47, 81, ...] {INTO ; INC ESI; SBB DWORD [ECX-0x667eb8cc], 0x99815c5e} .text ntkrnlpa.exe!ZwCallbackReturn + 306C 80504954 4 Bytes CALL F0E9CA9C .text ntkrnlpa.exe!ZwCallbackReturn + 307C 80504964 12 Bytes [AE, 5F, 81, 99, 10, 61, 81, ...] {SCASB ; POP EDI; SBB DWORD [ECX-0x667e9ef0], 0x998144e2} PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64DC 4 Bytes CALL 99816F21 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC58A 5 Bytes JMP 998DEA3A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 805C300E 5 Bytes JMP 998E0554 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D11CA 7 Bytes JMP 998E1BA4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text win32k.sys!EngFreeUserMem + 674 BF809980 1 Byte [E9] .text win32k.sys!EngFreeUserMem + 674 BF809980 5 Bytes JMP 9981B284 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + 35D0 BF80C8DC 5 Bytes JMP 9981B162 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF8139A7 5 Bytes JMP 9981B116 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E BF81E654 5 Bytes JMP 99819BF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + 197D BF820D61 5 Bytes JMP 9981A6EC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPaint + 11A6 BF82D57B 5 Bytes JMP 99819D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLockSurface + C09 BF82E6F9 5 Bytes JMP 9981B3FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_bEnum + 2E84 BF83908A 5 Bytes JMP 9981B614 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_bEnum + B8EC BF841AF2 5 Bytes JMP 9981B00A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_bEnum + E0A8 BF8442AE 5 Bytes JMP 9981A6CE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_bEnum + F624 BF84582A 5 Bytes JMP 99819DF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 290F BF86C704 5 Bytes JMP 9981A7C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 4BED BF86E9E2 5 Bytes JMP 9981A22C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 4C78 BF86EA6D 5 Bytes JMP 9981A508 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 584E BF86F643 5 Bytes JMP 99819AD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + AC2C BF874A21 5 Bytes JMP 9981B1B2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnicodeToMultiByteN + 67E3 BF87BC40 5 Bytes JMP 9981B33C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 35E9 BF897CE9 5 Bytes JMP 9981A2F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 4126 BF898826 5 Bytes JMP 9981A4C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetLastError + 1606 BF8B590C 5 Bytes JMP 9981A7E2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 2862 BF8B902A 5 Bytes JMP 9981B56C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAlphaBlend + 35C2 BF8C1C5F 5 Bytes JMP 99819F24 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + A58C BF8EB1E4 5 Bytes JMP 9981A70A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8EFCA5 5 Bytes JMP 998199C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 3BBE BF8F1E74 5 Bytes JMP 9981A008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 3E3E BF8F20F4 5 Bytes JMP 9981A150 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1A3E BF91480E 5 Bytes JMP 99819CDC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1CEA BF914ABA 5 Bytes JMP 9981A88C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 2612 BF9153E2 5 Bytes JMP 99819EBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4F93 BF917D63 5 Bytes JMP 9981A628 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 1943 BF948240 5 Bytes JMP 9981B4BE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ---- User code sections - GMER 2.1 ---- .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[220] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[220] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\DellTPad\Apntex.exe[324] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003D01F8 .text C:\Program Files\DellTPad\Apntex.exe[324] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\DellTPad\Apntex.exe[324] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003D03FC .text C:\Program Files\DellTPad\Apntex.exe[324] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\DellTPad\Apntex.exe[324] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\DellTPad\Apntex.exe[324] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\DellTPad\Apntex.exe[324] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\DellTPad\Apntex.exe[324] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\DellTPad\Apntex.exe[324] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\DellTPad\Apntex.exe[324] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Program Files\DellTPad\Apntex.exe[324] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Program Files\DellTPad\Apntex.exe[324] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Program Files\DellTPad\Apntex.exe[324] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Program Files\DellTPad\Apntex.exe[324] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Program Files\DellTPad\Apntex.exe[324] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Program Files\DellTPad\Apntex.exe[324] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Program Files\DellTPad\Apntex.exe[324] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Program Files\DellTPad\HidFind.exe[336] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003D01F8 .text C:\Program Files\DellTPad\HidFind.exe[336] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\DellTPad\HidFind.exe[336] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003D03FC .text C:\Program Files\DellTPad\HidFind.exe[336] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\DellTPad\HidFind.exe[336] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\DellTPad\HidFind.exe[336] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\DellTPad\HidFind.exe[336] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\DellTPad\HidFind.exe[336] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\DellTPad\HidFind.exe[336] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\DellTPad\HidFind.exe[336] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Program Files\DellTPad\HidFind.exe[336] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Program Files\DellTPad\HidFind.exe[336] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Program Files\DellTPad\HidFind.exe[336] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Program Files\DellTPad\HidFind.exe[336] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Program Files\DellTPad\HidFind.exe[336] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Program Files\DellTPad\HidFind.exe[336] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Program Files\DellTPad\HidFind.exe[336] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\WINDOWS\system32\spoolsv.exe[600] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[600] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text c:\program files\idt\wdm\stacsv.exe[636] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text c:\program files\idt\wdm\stacsv.exe[636] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[712] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003D01F8 .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[712] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[712] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003D03FC .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[712] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[712] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[712] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[712] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[712] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[712] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[712] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[712] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[712] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[712] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[712] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[712] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[712] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[712] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\WINDOWS\System32\svchost.exe[744] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[744] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[744] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\svchost.exe[744] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[744] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00321014 .text C:\WINDOWS\System32\svchost.exe[744] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00320804 .text C:\WINDOWS\System32\svchost.exe[744] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00320A08 .text C:\WINDOWS\System32\svchost.exe[744] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00320C0C .text C:\WINDOWS\System32\svchost.exe[744] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00320E10 .text C:\WINDOWS\System32\svchost.exe[744] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003201F8 .text C:\WINDOWS\System32\svchost.exe[744] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003203FC .text C:\WINDOWS\System32\svchost.exe[744] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00320600 .text C:\WINDOWS\System32\svchost.exe[744] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00470804 .text C:\WINDOWS\System32\svchost.exe[744] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00470A08 .text C:\WINDOWS\System32\svchost.exe[744] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00470600 .text C:\WINDOWS\System32\svchost.exe[744] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004701F8 .text C:\WINDOWS\System32\svchost.exe[744] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004703FC .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[776] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[776] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\system32\NLSSRV32.EXE[784] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\NLSSRV32.EXE[784] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\NLSSRV32.EXE[784] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\NLSSRV32.EXE[784] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\system32\NLSSRV32.EXE[784] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\NLSSRV32.EXE[784] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\NLSSRV32.EXE[784] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\NLSSRV32.EXE[784] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\NLSSRV32.EXE[784] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\NLSSRV32.EXE[784] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\NLSSRV32.EXE[784] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\NLSSRV32.EXE[784] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\NLSSRV32.EXE[784] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00520804 .text C:\WINDOWS\system32\NLSSRV32.EXE[784] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00520A08 .text C:\WINDOWS\system32\NLSSRV32.EXE[784] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00520600 .text C:\WINDOWS\system32\NLSSRV32.EXE[784] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005201F8 .text C:\WINDOWS\system32\NLSSRV32.EXE[784] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005203FC .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[788] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[788] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[892] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[916] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003D01F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[916] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[916] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003D03FC .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[916] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[916] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[916] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[916] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[916] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[916] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[916] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[916] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[916] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[916] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[916] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[916] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[916] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[916] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\System32\svchost.exe[920] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[920] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[920] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\svchost.exe[920] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00321014 .text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00320804 .text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00320A08 .text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00320C0C .text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00320E10 .text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003201F8 .text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003203FC .text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00320600 .text C:\WINDOWS\System32\svchost.exe[920] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00470804 .text C:\WINDOWS\System32\svchost.exe[920] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00470A08 .text C:\WINDOWS\System32\svchost.exe[920] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00470600 .text C:\WINDOWS\System32\svchost.exe[920] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004701F8 .text C:\WINDOWS\System32\svchost.exe[920] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004703FC .text C:\WINDOWS\System32\SCardSvr.exe[1004] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\System32\SCardSvr.exe[1004] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[1108] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[1108] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1132] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1132] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[1148] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[1148] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1180] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1180] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1192] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1192] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\DellTPad\ApMsgFwd.exe[1252] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003D01F8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[1252] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\DellTPad\ApMsgFwd.exe[1252] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003D03FC .text C:\Program Files\DellTPad\ApMsgFwd.exe[1252] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\DellTPad\ApMsgFwd.exe[1252] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\DellTPad\ApMsgFwd.exe[1252] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\DellTPad\ApMsgFwd.exe[1252] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\DellTPad\ApMsgFwd.exe[1252] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\DellTPad\ApMsgFwd.exe[1252] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\DellTPad\ApMsgFwd.exe[1252] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[1252] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\DellTPad\ApMsgFwd.exe[1252] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\DellTPad\ApMsgFwd.exe[1252] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\DellTPad\ApMsgFwd.exe[1252] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\DellTPad\ApMsgFwd.exe[1252] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\DellTPad\ApMsgFwd.exe[1252] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[1252] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1452] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1452] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe[1476] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe[1476] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1608] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003D01F8 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1608] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1608] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003D03FC .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1608] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1608] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1608] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1608] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1608] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1608] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1608] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1608] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1608] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1608] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1608] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1608] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1608] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1608] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1636] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1636] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1712] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1712] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1776] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1776] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[2008] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\wscntfy.exe[2008] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[2008] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\wscntfy.exe[2008] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[2008] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\WINDOWS\system32\wscntfy.exe[2008] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\WINDOWS\system32\wscntfy.exe[2008] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\WINDOWS\system32\wscntfy.exe[2008] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\wscntfy.exe[2008] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\WINDOWS\system32\wscntfy.exe[2008] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00331014 .text C:\WINDOWS\system32\wscntfy.exe[2008] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00330804 .text C:\WINDOWS\system32\wscntfy.exe[2008] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00330A08 .text C:\WINDOWS\system32\wscntfy.exe[2008] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00330C0C .text C:\WINDOWS\system32\wscntfy.exe[2008] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00330E10 .text C:\WINDOWS\system32\wscntfy.exe[2008] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003301F8 .text C:\WINDOWS\system32\wscntfy.exe[2008] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003303FC .text C:\WINDOWS\system32\wscntfy.exe[2008] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00330600 .text C:\Program Files\Java\jre7\bin\jqs.exe[2020] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[2020] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2076] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[2076] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2076] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[2076] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2076] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00321014 .text C:\WINDOWS\system32\svchost.exe[2076] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00320804 .text C:\WINDOWS\system32\svchost.exe[2076] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00320A08 .text C:\WINDOWS\system32\svchost.exe[2076] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00320C0C .text C:\WINDOWS\system32\svchost.exe[2076] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00320E10 .text C:\WINDOWS\system32\svchost.exe[2076] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\svchost.exe[2076] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003203FC .text C:\WINDOWS\system32\svchost.exe[2076] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00320600 .text C:\WINDOWS\system32\svchost.exe[2076] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00470804 .text C:\WINDOWS\system32\svchost.exe[2076] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00470A08 .text C:\WINDOWS\system32\svchost.exe[2076] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00470600 .text C:\WINDOWS\system32\svchost.exe[2076] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004701F8 .text C:\WINDOWS\system32\svchost.exe[2076] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004703FC .text C:\PROGRA~1\VIVIDW~1\WORKSH~1.EXE[2140] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003D01F8 .text C:\PROGRA~1\VIVIDW~1\WORKSH~1.EXE[2140] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\PROGRA~1\VIVIDW~1\WORKSH~1.EXE[2140] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003D03FC .text C:\PROGRA~1\VIVIDW~1\WORKSH~1.EXE[2140] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\PROGRA~1\VIVIDW~1\WORKSH~1.EXE[2140] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\PROGRA~1\VIVIDW~1\WORKSH~1.EXE[2140] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\PROGRA~1\VIVIDW~1\WORKSH~1.EXE[2140] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\PROGRA~1\VIVIDW~1\WORKSH~1.EXE[2140] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\PROGRA~1\VIVIDW~1\WORKSH~1.EXE[2140] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\PROGRA~1\VIVIDW~1\WORKSH~1.EXE[2140] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\PROGRA~1\VIVIDW~1\WORKSH~1.EXE[2140] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\PROGRA~1\VIVIDW~1\WORKSH~1.EXE[2140] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\PROGRA~1\VIVIDW~1\WORKSH~1.EXE[2140] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\PROGRA~1\VIVIDW~1\WORKSH~1.EXE[2140] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\PROGRA~1\VIVIDW~1\WORKSH~1.EXE[2140] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\PROGRA~1\VIVIDW~1\WORKSH~1.EXE[2140] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\PROGRA~1\VIVIDW~1\WORKSH~1.EXE[2140] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003101F8 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003103FC .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00321014 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00320804 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00320A08 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00320C0C .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00320E10 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003201F8 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003203FC .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00320600 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00330804 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00330A08 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00330600 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003301F8 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003303FC .text C:\WINDOWS\system32\SearchIndexer.exe[2284] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003501F8 .text C:\WINDOWS\system32\SearchIndexer.exe[2284] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\SearchIndexer.exe[2284] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003503FC .text C:\WINDOWS\system32\SearchIndexer.exe[2284] KERNEL32.dll!WriteFile 7C8112FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation) .text C:\WINDOWS\system32\SearchIndexer.exe[2284] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\system32\SearchIndexer.exe[2284] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00361014 .text C:\WINDOWS\system32\SearchIndexer.exe[2284] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00360804 .text C:\WINDOWS\system32\SearchIndexer.exe[2284] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00360A08 .text C:\WINDOWS\system32\SearchIndexer.exe[2284] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00360C0C .text C:\WINDOWS\system32\SearchIndexer.exe[2284] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00360E10 .text C:\WINDOWS\system32\SearchIndexer.exe[2284] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003601F8 .text C:\WINDOWS\system32\SearchIndexer.exe[2284] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003603FC .text C:\WINDOWS\system32\SearchIndexer.exe[2284] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00360600 .text C:\WINDOWS\system32\SearchIndexer.exe[2284] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00370804 .text C:\WINDOWS\system32\SearchIndexer.exe[2284] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00370A08 .text C:\WINDOWS\system32\SearchIndexer.exe[2284] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00370600 .text C:\WINDOWS\system32\SearchIndexer.exe[2284] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003701F8 .text C:\WINDOWS\system32\SearchIndexer.exe[2284] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003703FC .text C:\WINDOWS\explorer.exe[2344] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003101F8 .text C:\WINDOWS\explorer.exe[2344] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\explorer.exe[2344] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003103FC .text C:\WINDOWS\explorer.exe[2344] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\explorer.exe[2344] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00321014 .text C:\WINDOWS\explorer.exe[2344] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00320804 .text C:\WINDOWS\explorer.exe[2344] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00320A08 .text C:\WINDOWS\explorer.exe[2344] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00320C0C .text C:\WINDOWS\explorer.exe[2344] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00320E10 .text C:\WINDOWS\explorer.exe[2344] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003201F8 .text C:\WINDOWS\explorer.exe[2344] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003203FC .text C:\WINDOWS\explorer.exe[2344] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00320600 .text C:\WINDOWS\explorer.exe[2344] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00330804 .text C:\WINDOWS\explorer.exe[2344] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00330A08 .text C:\WINDOWS\explorer.exe[2344] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00330600 .text C:\WINDOWS\explorer.exe[2344] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003301F8 .text C:\WINDOWS\explorer.exe[2344] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003303FC .text C:\WINDOWS\system32\hkcmd.exe[2600] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\hkcmd.exe[2600] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\hkcmd.exe[2600] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\hkcmd.exe[2600] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\system32\hkcmd.exe[2600] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\WINDOWS\system32\hkcmd.exe[2600] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\WINDOWS\system32\hkcmd.exe[2600] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\WINDOWS\system32\hkcmd.exe[2600] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\WINDOWS\system32\hkcmd.exe[2600] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\hkcmd.exe[2600] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00431014 .text C:\WINDOWS\system32\hkcmd.exe[2600] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00430804 .text C:\WINDOWS\system32\hkcmd.exe[2600] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00430A08 .text C:\WINDOWS\system32\hkcmd.exe[2600] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00430C0C .text C:\WINDOWS\system32\hkcmd.exe[2600] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00430E10 .text C:\WINDOWS\system32\hkcmd.exe[2600] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004301F8 .text C:\WINDOWS\system32\hkcmd.exe[2600] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004303FC .text C:\WINDOWS\system32\hkcmd.exe[2600] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00430600 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2648] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2648] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2648] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\wbem\unsecapp.exe[2648] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2648] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2648] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2648] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2648] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\wbem\unsecapp.exe[2648] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2648] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2648] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\wbem\unsecapp.exe[2648] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2648] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2648] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2648] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2648] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2648] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\IDT\WDM\sttray.exe[2704] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003D01F8 .text C:\Program Files\IDT\WDM\sttray.exe[2704] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\IDT\WDM\sttray.exe[2704] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003D03FC .text C:\Program Files\IDT\WDM\sttray.exe[2704] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\IDT\WDM\sttray.exe[2704] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\IDT\WDM\sttray.exe[2704] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\IDT\WDM\sttray.exe[2704] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\IDT\WDM\sttray.exe[2704] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\IDT\WDM\sttray.exe[2704] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\IDT\WDM\sttray.exe[2704] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Program Files\IDT\WDM\sttray.exe[2704] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Program Files\IDT\WDM\sttray.exe[2704] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Program Files\IDT\WDM\sttray.exe[2704] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Program Files\IDT\WDM\sttray.exe[2704] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Program Files\IDT\WDM\sttray.exe[2704] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Program Files\IDT\WDM\sttray.exe[2704] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Program Files\IDT\WDM\sttray.exe[2704] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2708] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003D01F8 .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2708] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2708] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003D03FC .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2708] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2708] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2708] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2708] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2708] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2708] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2708] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2708] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2708] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2708] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2708] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2708] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2708] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2708] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\Vivid WorkshopData ATI\jre\bin\java.exe[2740] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003201F8 .text C:\Program Files\Vivid WorkshopData ATI\jre\bin\java.exe[2740] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Vivid WorkshopData ATI\jre\bin\java.exe[2740] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003203FC .text C:\Program Files\Vivid WorkshopData ATI\jre\bin\java.exe[2740] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\Vivid WorkshopData ATI\jre\bin\java.exe[2740] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00331014 .text C:\Program Files\Vivid WorkshopData ATI\jre\bin\java.exe[2740] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00330804 .text C:\Program Files\Vivid WorkshopData ATI\jre\bin\java.exe[2740] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00330A08 .text C:\Program Files\Vivid WorkshopData ATI\jre\bin\java.exe[2740] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00330C0C .text C:\Program Files\Vivid WorkshopData ATI\jre\bin\java.exe[2740] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00330E10 .text C:\Program Files\Vivid WorkshopData ATI\jre\bin\java.exe[2740] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003301F8 .text C:\Program Files\Vivid WorkshopData ATI\jre\bin\java.exe[2740] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003303FC .text C:\Program Files\Vivid WorkshopData ATI\jre\bin\java.exe[2740] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00330600 .text C:\Program Files\Vivid WorkshopData ATI\jre\bin\java.exe[2740] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00360804 .text C:\Program Files\Vivid WorkshopData ATI\jre\bin\java.exe[2740] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00360A08 .text C:\Program Files\Vivid WorkshopData ATI\jre\bin\java.exe[2740] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00360600 .text C:\Program Files\Vivid WorkshopData ATI\jre\bin\java.exe[2740] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003601F8 .text C:\Program Files\Vivid WorkshopData ATI\jre\bin\java.exe[2740] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003603FC .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2772] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003D01F8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2772] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2772] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003D03FC .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2772] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2772] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2772] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2772] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2772] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2772] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2772] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2772] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2772] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2772] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2772] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2772] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2772] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2772] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2828] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2828] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2828] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2828] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2828] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00321014 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2828] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00320804 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2828] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00320A08 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2828] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00320C0C .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2828] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00320E10 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2828] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2828] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003203FC .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2828] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00320600 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2828] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00330804 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2828] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00330A08 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2828] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00330600 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2828] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003301F8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2828] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003303FC .text C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe[3092] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003D01F8 .text C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe[3092] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe[3092] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003D03FC .text C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe[3092] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe[3092] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe[3092] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe[3092] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe[3092] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe[3092] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe[3092] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe[3092] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe[3092] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe[3092] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe[3092] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe[3092] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe[3092] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe[3092] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3136] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3136] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3316] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003C01F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3316] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3316] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003C03FC .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3316] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3316] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014 .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3316] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804 .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3316] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08 .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3316] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3316] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10 .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3316] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3316] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3316] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600 .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3316] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3316] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3316] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3316] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3316] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\wbem\unsecapp.exe[3428] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3428] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[3428] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\wbem\unsecapp.exe[3428] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[3428] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3428] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3428] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3428] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\wbem\unsecapp.exe[3428] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3428] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3428] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\wbem\unsecapp.exe[3428] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3428] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3428] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3428] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3428] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3428] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\igfxsrvc.exe[3444] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\igfxsrvc.exe[3444] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\igfxsrvc.exe[3444] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\igfxsrvc.exe[3444] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\system32\igfxsrvc.exe[3444] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\igfxsrvc.exe[3444] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\igfxsrvc.exe[3444] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\igfxsrvc.exe[3444] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\igfxsrvc.exe[3444] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\igfxsrvc.exe[3444] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\WINDOWS\system32\igfxsrvc.exe[3444] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\WINDOWS\system32\igfxsrvc.exe[3444] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\WINDOWS\system32\igfxsrvc.exe[3444] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\WINDOWS\system32\igfxsrvc.exe[3444] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\WINDOWS\system32\igfxsrvc.exe[3444] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\WINDOWS\system32\igfxsrvc.exe[3444] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\igfxsrvc.exe[3444] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\WINDOWS\system32\igfxext.exe[3520] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\igfxext.exe[3520] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\igfxext.exe[3520] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\igfxext.exe[3520] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\system32\igfxext.exe[3520] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\igfxext.exe[3520] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\igfxext.exe[3520] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\igfxext.exe[3520] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\igfxext.exe[3520] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\igfxext.exe[3520] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\WINDOWS\system32\igfxext.exe[3520] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\WINDOWS\system32\igfxext.exe[3520] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\WINDOWS\system32\igfxext.exe[3520] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\WINDOWS\system32\igfxext.exe[3520] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\WINDOWS\system32\igfxext.exe[3520] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\WINDOWS\system32\igfxext.exe[3520] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\igfxext.exe[3520] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Program Files\SetPoint\SetPoint.exe[3648] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003D01F8 .text C:\Program Files\SetPoint\SetPoint.exe[3648] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\SetPoint\SetPoint.exe[3648] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003D03FC .text C:\Program Files\SetPoint\SetPoint.exe[3648] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\SetPoint\SetPoint.exe[3648] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\SetPoint\SetPoint.exe[3648] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\SetPoint\SetPoint.exe[3648] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\SetPoint\SetPoint.exe[3648] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\SetPoint\SetPoint.exe[3648] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\SetPoint\SetPoint.exe[3648] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\SetPoint\SetPoint.exe[3648] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\SetPoint\SetPoint.exe[3648] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\SetPoint\SetPoint.exe[3648] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\SetPoint\SetPoint.exe[3648] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\SetPoint\SetPoint.exe[3648] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\SetPoint\SetPoint.exe[3648] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\SetPoint\SetPoint.exe[3648] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3708] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3708] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3708] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3708] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3708] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00321014 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3708] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00320804 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3708] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00320A08 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3708] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00320C0C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3708] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00320E10 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3708] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3708] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003203FC .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3708] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00320600 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3708] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00330804 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3708] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00330A08 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3708] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00330600 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3708] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003301F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3708] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003303FC .text C:\WINDOWS\system32\ctfmon.exe[3772] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\ctfmon.exe[3772] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[3772] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003203FC .text C:\WINDOWS\system32\ctfmon.exe[3772] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[3772] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00331014 .text C:\WINDOWS\system32\ctfmon.exe[3772] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00330804 .text C:\WINDOWS\system32\ctfmon.exe[3772] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00330A08 .text C:\WINDOWS\system32\ctfmon.exe[3772] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00330C0C .text C:\WINDOWS\system32\ctfmon.exe[3772] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00330E10 .text C:\WINDOWS\system32\ctfmon.exe[3772] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003301F8 .text C:\WINDOWS\system32\ctfmon.exe[3772] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003303FC .text C:\WINDOWS\system32\ctfmon.exe[3772] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00330600 .text C:\WINDOWS\system32\ctfmon.exe[3772] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00340804 .text C:\WINDOWS\system32\ctfmon.exe[3772] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00340A08 .text C:\WINDOWS\system32\ctfmon.exe[3772] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00340600 .text C:\WINDOWS\system32\ctfmon.exe[3772] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003401F8 .text C:\WINDOWS\system32\ctfmon.exe[3772] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003403FC .text C:\WINDOWS\System32\alg.exe[3824] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\alg.exe[3824] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3824] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\alg.exe[3824] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3824] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\WINDOWS\System32\alg.exe[3824] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\WINDOWS\System32\alg.exe[3824] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\WINDOWS\System32\alg.exe[3824] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\WINDOWS\System32\alg.exe[3824] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\WINDOWS\System32\alg.exe[3824] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00331014 .text C:\WINDOWS\System32\alg.exe[3824] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00330804 .text C:\WINDOWS\System32\alg.exe[3824] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00330A08 .text C:\WINDOWS\System32\alg.exe[3824] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00330C0C .text C:\WINDOWS\System32\alg.exe[3824] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00330E10 .text C:\WINDOWS\System32\alg.exe[3824] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003301F8 .text C:\WINDOWS\System32\alg.exe[3824] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003303FC .text C:\WINDOWS\System32\alg.exe[3824] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00330600 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3924] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003D01F8 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3924] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3924] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003D03FC .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3924] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3924] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3924] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3924] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3924] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3924] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3924] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3924] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3924] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3924] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3924] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3924] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3924] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3924] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\WINDOWS\system32\igfxpers.exe[3996] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\igfxpers.exe[3996] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\WINDOWS\system32\igfxpers.exe[3996] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\igfxpers.exe[3996] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\WINDOWS\system32\igfxpers.exe[3996] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\igfxpers.exe[3996] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\igfxpers.exe[3996] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\igfxpers.exe[3996] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\igfxpers.exe[3996] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\igfxpers.exe[3996] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\WINDOWS\system32\igfxpers.exe[3996] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\WINDOWS\system32\igfxpers.exe[3996] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\WINDOWS\system32\igfxpers.exe[3996] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\WINDOWS\system32\igfxpers.exe[3996] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\WINDOWS\system32\igfxpers.exe[3996] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\WINDOWS\system32\igfxpers.exe[3996] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\igfxpers.exe[3996] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Program Files\Gemplus\GemSafe Libraries\BIN\RegTool.exe[4036] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003C01F8 .text C:\Program Files\Gemplus\GemSafe Libraries\BIN\RegTool.exe[4036] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Gemplus\GemSafe Libraries\BIN\RegTool.exe[4036] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003C03FC .text C:\Program Files\Gemplus\GemSafe Libraries\BIN\RegTool.exe[4036] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\Gemplus\GemSafe Libraries\BIN\RegTool.exe[4036] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014 .text C:\Program Files\Gemplus\GemSafe Libraries\BIN\RegTool.exe[4036] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804 .text C:\Program Files\Gemplus\GemSafe Libraries\BIN\RegTool.exe[4036] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08 .text C:\Program Files\Gemplus\GemSafe Libraries\BIN\RegTool.exe[4036] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C .text C:\Program Files\Gemplus\GemSafe Libraries\BIN\RegTool.exe[4036] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10 .text C:\Program Files\Gemplus\GemSafe Libraries\BIN\RegTool.exe[4036] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8 .text C:\Program Files\Gemplus\GemSafe Libraries\BIN\RegTool.exe[4036] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC .text C:\Program Files\Gemplus\GemSafe Libraries\BIN\RegTool.exe[4036] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600 .text C:\Program Files\Gemplus\GemSafe Libraries\BIN\RegTool.exe[4036] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\Gemplus\GemSafe Libraries\BIN\RegTool.exe[4036] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\Gemplus\GemSafe Libraries\BIN\RegTool.exe[4036] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\Gemplus\GemSafe Libraries\BIN\RegTool.exe[4036] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\Gemplus\GemSafe Libraries\BIN\RegTool.exe[4036] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\DellTPad\Apoint.exe[4048] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003D01F8 .text C:\Program Files\DellTPad\Apoint.exe[4048] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\DellTPad\Apoint.exe[4048] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003D03FC .text C:\Program Files\DellTPad\Apoint.exe[4048] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\DellTPad\Apoint.exe[4048] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\DellTPad\Apoint.exe[4048] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\DellTPad\Apoint.exe[4048] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\DellTPad\Apoint.exe[4048] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\DellTPad\Apoint.exe[4048] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\DellTPad\Apoint.exe[4048] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Program Files\DellTPad\Apoint.exe[4048] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Program Files\DellTPad\Apoint.exe[4048] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Program Files\DellTPad\Apoint.exe[4048] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Program Files\DellTPad\Apoint.exe[4048] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Program Files\DellTPad\Apoint.exe[4048] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Program Files\DellTPad\Apoint.exe[4048] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Program Files\DellTPad\Apoint.exe[4048] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[4092] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003C01F8 .text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[4092] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[4092] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003C03FC .text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[4092] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[4092] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014 .text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[4092] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804 .text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[4092] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08 .text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[4092] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C .text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[4092] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10 .text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[4092] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8 .text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[4092] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC .text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[4092] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600 .text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[4092] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[4092] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[4092] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[4092] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[4092] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 14, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 17, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 14, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 15, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91252E .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 16, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 15, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 16, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91259F .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 14, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9126CD .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 15, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 16, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 17, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 007E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 007E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 007F1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 007F0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 007F0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 007F0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 007F0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 007F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 007F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 007F0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00800804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00800A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00800600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 008001F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4344] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 008003FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, D0, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, D3, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, D0, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, D1, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9143EA .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, D2, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, D1, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, D2, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91445B .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, D0, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B914589 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, D1, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, D2, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, D3, 6D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 009C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 009C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 009D1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 009D0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 009D0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 009D0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 009D0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009D01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009D03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 009D0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009E0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009E0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009E0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4380] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 54, F3, 00] {SUB [EBX+ESI*8+0x0], DL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 57, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 54, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 55, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91C96E .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 56, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 55, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 56, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91C9DF .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 54, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91CB0D .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 55, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 56, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 57, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 012201F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 012203FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 01231014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 01230804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 01230A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 01230C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 01230E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 012301F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 012303FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 01230600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01240804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01240A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01240600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 012401F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4752] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 012403FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, A4, 7C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, A7, 7C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, A4, 7C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, A5, 7C, 00] {TEST AL, 0xa5; JL 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9152BE .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, A6, 7C, 00] {TEST AL, 0xa6; JL 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, A5, 7C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, A6, 7C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91532F .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, A4, 7C, 00] {TEST AL, 0xa4; JL 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91545D .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, A5, 7C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, A6, 7C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, A7, 7C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 00AA01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 00AA03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00AB1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00AB0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00AB0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00AB0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00AB0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00AB01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00AB03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00AB0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00AC0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00AC0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00AC0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00AC01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4760] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00AC03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, C8, 94, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, CB, 94, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, C8, 94, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, C9, 94, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B916AE2 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, CA, 94, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, C9, 94, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, CA, 94, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B916B53 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, C8, 94, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B916C81 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, C9, 94, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, CA, 94, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, CB, 94, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 00C301F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 00C303FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00C41014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00C40804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00C40A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00C40C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00C40E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00C401F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00C403FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00C40600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00C50804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00C50A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00C50600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00C501F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00C503FC .text C:\Documents and Settings\Tomek\Moje dokumenty\Downloads\wnr81mbz.exe[5188] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Documents and Settings\Tomek\Moje dokumenty\Downloads\wnr81mbz.exe[5188] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 64, 2C, 00] {SUB [ESP+EBP+0x0], AH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 67, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 64, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 65, 2C, 00] {TEST AL, 0x65; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91027E .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 66, 2C, 00] {TEST AL, 0x66; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 65, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 66, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9102EF .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 64, 2C, 00] {TEST AL, 0x64; SUB AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91041D .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 65, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 66, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 67, 2C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 006901F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 006903FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 006A1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 006A0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 006A0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 006A0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 006A0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 006A01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 006A03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 006A0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 006B0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 006B0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 006B0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 006B01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 006B03FC .text C:\Program Files\Ericsson\Wireless Manager\WirelessManager.exe[5692] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003C01F8 .text C:\Program Files\Ericsson\Wireless Manager\WirelessManager.exe[5692] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Ericsson\Wireless Manager\WirelessManager.exe[5692] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003C03FC .text C:\Program Files\Ericsson\Wireless Manager\WirelessManager.exe[5692] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\Ericsson\Wireless Manager\WirelessManager.exe[5692] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Ericsson\Wireless Manager\WirelessManager.exe[5692] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Ericsson\Wireless Manager\WirelessManager.exe[5692] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Ericsson\Wireless Manager\WirelessManager.exe[5692] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Ericsson\Wireless Manager\WirelessManager.exe[5692] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Ericsson\Wireless Manager\WirelessManager.exe[5692] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Ericsson\Wireless Manager\WirelessManager.exe[5692] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Ericsson\Wireless Manager\WirelessManager.exe[5692] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Ericsson\Wireless Manager\WirelessManager.exe[5692] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 004A0804 .text C:\Program Files\Ericsson\Wireless Manager\WirelessManager.exe[5692] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 004A0A08 .text C:\Program Files\Ericsson\Wireless Manager\WirelessManager.exe[5692] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 004A0600 .text C:\Program Files\Ericsson\Wireless Manager\WirelessManager.exe[5692] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004A01F8 .text C:\Program Files\Ericsson\Wireless Manager\WirelessManager.exe[5692] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004A03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003D01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5716] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003D03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5716] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5716] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5716] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5716] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5716] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[5716] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5716] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5716] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5716] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5716] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5716] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5716] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5716] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5716] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 80, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 83, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 80, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 81, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B917A9A .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 82, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 81, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 82, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B917B0B .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 80, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B917C39 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 81, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 82, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 83, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 00D301F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 00D303FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00D41014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00D40804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00D40A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00D40C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00D40E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00D401F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00D403FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00D40600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00D50804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00D50A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00D50600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00D501F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00D503FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, F8, 3C, 00] {SUB AL, BH; CMP AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, FB, 3C, 00] {SUB BL, BH; CMP AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, F8, 3C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, F9, 3C, 00] {TEST AL, 0xf9; CMP AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B911312 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, FA, 3C, 00] {TEST AL, 0xfa; CMP AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, F9, 3C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, FA, 3C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B911383 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, F8, 3C, 00] {TEST AL, 0xf8; CMP AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9114B1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, F9, 3C, 00] {SUB CL, BH; CMP AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, FA, 3C, 00] {SUB DL, BH; CMP AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, FB, 3C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 007901F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 007903FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 007A1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 007A0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 007A0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 007A0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 007A0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 007A01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 007A03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 007A0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 007B0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 007B0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 007B0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 007B01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6100] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 007B03FC ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[220] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8FC70] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\WINDOWS\system32\services.exe[1180] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003E0002 IAT C:\WINDOWS\system32\services.exe[1180] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003E0000 IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[3136] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8FC70] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\Google\Chrome\Application\chrome.exe[4344] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00630010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[4380] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00810010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[4752] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 01070010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[4760] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00900010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[5120] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00A80010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[5196] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 004E0010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[5980] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00B80010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[6100] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 005E0010 ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 37102 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D257427C-20A8-46BA-828C-9C144072B37F}@LeaseObtainedTime 1377803410 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D257427C-20A8-46BA-828C-9C144072B37F}@T1 1377803560 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D257427C-20A8-46BA-828C-9C144072B37F}@T2 1377803672 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D257427C-20A8-46BA-828C-9C144072B37F}@LeaseTerminatesTime 1377803710 Reg HKLM\SYSTEM\CurrentControlSet\Services\{D257427C-20A8-46BA-828C-9C144072B37F}\Parameters\Tcpip@LeaseObtainedTime 1377803410 Reg HKLM\SYSTEM\CurrentControlSet\Services\{D257427C-20A8-46BA-828C-9C144072B37F}\Parameters\Tcpip@T1 1377803560 Reg HKLM\SYSTEM\CurrentControlSet\Services\{D257427C-20A8-46BA-828C-9C144072B37F}\Parameters\Tcpip@T2 1377803672 Reg HKLM\SYSTEM\CurrentControlSet\Services\{D257427C-20A8-46BA-828C-9C144072B37F}\Parameters\Tcpip@LeaseTerminatesTime 1377803710 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ... Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ... Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ... Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ... Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ... Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ... Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ... Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ... Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ... ---- EOF - GMER 2.1 ----