GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-08-18 09:18:39 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.SBDO Running: dmwpuond.exe; Driver: C:\Users\Jolemac\AppData\Local\Temp\axlirfow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8F445536] SSDT 90BABB50 ZwAlertResumeThread SSDT 90BABC30 ZwAlertThread SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x903077BA] SSDT 8EF68F70 ZwAlpcConnectPort SSDT 8F8C1D88 ZwAssignProcessToJobObject SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8F450D7A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8F450DC6] SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x8FDC9CA6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8F450F48] SSDT 90BAB8A0 ZwCreateMutant SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x90307BAC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8F450D30] SSDT 8F8C1AA8 ZwCreateSymbolicLinkObject SSDT 8EE24298 ZwCreateThread SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8F450F02] SSDT 8F8C1E68 ZwDebugActiveProcess SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8F445584] SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x8FDC9EB8] SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x8FDCD714] SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x8FDCD756] SSDT 8F8F6DA0 ZwDuplicateObject SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x9030789E] SSDT 90BAB990 ZwImpersonateAnonymousToken SSDT 90BABA70 ZwImpersonateThread SSDT 8EEEDD60 ZwLoadDriver SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x8FDCD8FA] SSDT 8F8F6990 ZwMapViewOfSection SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8F4455D2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8F44A2A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8F447292] SSDT 90BAB7C0 ZwOpenEvent SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8F450DE8] SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x8FDC9DCA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8F450F6C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8F450D0E] SSDT 8EE24180 ZwOpenProcess SSDT 8F8F6CE0 ZwOpenProcessToken SSDT 90BAB600 ZwOpenSection SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8F450D58] SSDT 8F8F6E70 ZwOpenThread SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8F450F26] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) ZwProtectVirtualMemory [0x90307A1E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8F44715E] SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x8FDCD85E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0x8F446D08] SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x8FDCD7A8] SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x8FDCD7EA] SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x8FDCD824] SSDT 90BABD10 ZwResumeThread SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8F445620] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8F44566E] SSDT 90BABF90 ZwSetContextThread SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x8FDC9F6A] SSDT 8F8F6800 ZwSetInformationProcess SSDT 8F8C1F48 ZwSetSystemInformation SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8F445426] SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x8FDCD69C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8F4453CC] SSDT 90BAB6E0 ZwSuspendProcess SSDT 90BABDF0 ZwSuspendThread SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8F445496] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x90307AE8] SSDT 90BABED0 ZwTerminateThread SSDT 8F8F68D0 ZwUnmapViewOfSection SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwVdmControl [0x8F4456BC] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x90307954] SSDT 8F8C1B98 ZwCreateThreadEx Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9031F744] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 10D 822E57D0 4 Bytes [36, 55, 44, 8F] .text ntkrnlpa.exe!KeSetEvent + 11D 822E57E0 8 Bytes [50, BB, BA, 90, 30, BC, BA, ...] .text ntkrnlpa.exe!KeSetEvent + 131 822E57F4 4 Bytes [BA, 77, 30, 90] .text ntkrnlpa.exe!KeSetEvent + 13D 822E5800 4 Bytes [70, 8F, F6, 8E] .text ntkrnlpa.exe!KeSetEvent + 191 822E5854 4 Bytes [88, 1D, 8C, 8F] .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8241062F 5 Bytes JMP 9031C61C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 82469543 5 Bytes JMP 9031E0FE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82472E68 4 Bytes CALL 8F447959 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82476ADC 4 Bytes CALL 8F44796F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 824CADF6 7 Bytes JMP 9031F748 \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\taskeng.exe[328] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 000901F8 .text C:\Windows\system32\taskeng.exe[328] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 000903FC .text C:\Windows\system32\taskeng.exe[328] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Windows\system32\taskeng.exe[328] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\taskeng.exe[328] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\taskeng.exe[328] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\taskeng.exe[328] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\taskeng.exe[328] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\taskeng.exe[328] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\taskeng.exe[328] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\taskeng.exe[328] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\taskeng.exe[328] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 000C0600 .text C:\Windows\system32\taskeng.exe[328] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 000C0804 .text C:\Windows\system32\taskeng.exe[328] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 000C0A08 .text C:\Windows\system32\taskeng.exe[328] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 000C01F8 .text C:\Windows\system32\taskeng.exe[328] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 000C03FC .text C:\Windows\system32\csrss.exe[656] KERNEL32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Windows\system32\wininit.exe[700] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Windows\system32\csrss.exe[708] KERNEL32.dll!GetBinaryTypeW + 70 75B62467 1 
Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[712] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 000501F8 .text C:\Windows\system32\wbem\wmiprvse.exe[712] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 000503FC .text C:\Windows\system32\wbem\wmiprvse.exe[712] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[712] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\wbem\wmiprvse.exe[712] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\wbem\wmiprvse.exe[712] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\wbem\wmiprvse.exe[712] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\wbem\wmiprvse.exe[712] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\wbem\wmiprvse.exe[712] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 00070C0C .text C:\Windows\system32\wbem\wmiprvse.exe[712] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\wbem\wmiprvse.exe[712] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\wbem\wmiprvse.exe[712] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 000C0600 .text C:\Windows\system32\wbem\wmiprvse.exe[712] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 000C0804 .text C:\Windows\system32\wbem\wmiprvse.exe[712] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 000C0A08 .text C:\Windows\system32\wbem\wmiprvse.exe[712] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 000C01F8 .text C:\Windows\system32\wbem\wmiprvse.exe[712] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 000C03FC .text C:\Windows\system32\winlogon.exe[756] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Windows\system32\services.exe[772] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Windows\system32\lsass.exe[784] 
kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Windows\system32\lsm.exe[796] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Windows\system32\svchost.exe[968] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text ... .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1212] ntdll.dll!KiUserApcDispatcher 77485B78 5 Bytes JMP 00414FF0 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.) .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1212] kernel32.dll!LoadLibraryExW + 173 75B393EF 4 Bytes JMP 71AB000A .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1212] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1212] WS2_32.dll!getaddrinfo 75AE418A 5 Bytes JMP 71A50022 .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1212] WS2_32.dll!gethostbyname 75AF62D4 5 Bytes JMP 71AE0022 .text C:\Windows\System32\svchost.exe[1272] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Windows\System32\svchost.exe[1304] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1316] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Windows\system32\AUDIODG.EXE[1392] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1412] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text ... 
.text C:\Windows\system32\DRIVERS\xaudio.exe[1596] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 001401F8 .text C:\Windows\system32\DRIVERS\xaudio.exe[1596] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 001403FC .text C:\Windows\system32\DRIVERS\xaudio.exe[1596] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Windows\system32\DRIVERS\xaudio.exe[1596] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 001603FC .text C:\Windows\system32\DRIVERS\xaudio.exe[1596] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 00160600 .text C:\Windows\system32\DRIVERS\xaudio.exe[1596] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 00161014 .text C:\Windows\system32\DRIVERS\xaudio.exe[1596] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 00160804 .text C:\Windows\system32\DRIVERS\xaudio.exe[1596] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 00160A08 .text C:\Windows\system32\DRIVERS\xaudio.exe[1596] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 00160C0C .text C:\Windows\system32\DRIVERS\xaudio.exe[1596] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 00160E10 .text C:\Windows\system32\DRIVERS\xaudio.exe[1596] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 001601F8 .text C:\Windows\system32\DRIVERS\xaudio.exe[1596] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 00170600 .text C:\Windows\system32\DRIVERS\xaudio.exe[1596] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 00170804 .text C:\Windows\system32\DRIVERS\xaudio.exe[1596] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 00170A08 .text C:\Windows\system32\DRIVERS\xaudio.exe[1596] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 001701F8 .text C:\Windows\system32\DRIVERS\xaudio.exe[1596] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 001703FC .text C:\Windows\Explorer.EXE[1600] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 000501F8 .text C:\Windows\Explorer.EXE[1600] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 000503FC .text C:\Windows\Explorer.EXE[1600] 
kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Windows\Explorer.EXE[1600] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 000703FC .text C:\Windows\Explorer.EXE[1600] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 00070600 .text C:\Windows\Explorer.EXE[1600] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 00071014 .text C:\Windows\Explorer.EXE[1600] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 00070804 .text C:\Windows\Explorer.EXE[1600] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 00070A08 .text C:\Windows\Explorer.EXE[1600] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 00070C0C .text C:\Windows\Explorer.EXE[1600] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 00070E10 .text C:\Windows\Explorer.EXE[1600] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 000701F8 .text C:\Windows\Explorer.EXE[1600] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 00080600 .text C:\Windows\Explorer.EXE[1600] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 00080804 .text C:\Windows\Explorer.EXE[1600] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 00080A08 .text C:\Windows\Explorer.EXE[1600] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 000801F8 .text C:\Windows\Explorer.EXE[1600] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Users\Jolemac\Downloads\dmwpuond.exe[1704] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!SetUnhandledExceptionFilter 75B3A8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1944] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1968] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text 
C:\Windows\system32\Dwm.exe[2044] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 000501F8 .text C:\Windows\system32\Dwm.exe[2044] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 000503FC .text C:\Windows\system32\Dwm.exe[2044] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Windows\system32\Dwm.exe[2044] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\Dwm.exe[2044] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\Dwm.exe[2044] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\Dwm.exe[2044] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\Dwm.exe[2044] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\Dwm.exe[2044] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 00070C0C .text C:\Windows\system32\Dwm.exe[2044] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\Dwm.exe[2044] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\Dwm.exe[2044] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 000C0600 .text C:\Windows\system32\Dwm.exe[2044] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 000C0804 .text C:\Windows\system32\Dwm.exe[2044] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 000C0A08 .text C:\Windows\system32\Dwm.exe[2044] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 000C01F8 .text C:\Windows\system32\Dwm.exe[2044] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 000C03FC .text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2080] KERNEL32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Windows\system32\taskeng.exe[2112] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskeng.exe[2112] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 000503FC .text C:\Windows\system32\taskeng.exe[2112] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] 
.text C:\Windows\system32\taskeng.exe[2112] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 000803FC .text C:\Windows\system32\taskeng.exe[2112] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[2112] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 00081014 .text C:\Windows\system32\taskeng.exe[2112] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[2112] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[2112] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 00080C0C .text C:\Windows\system32\taskeng.exe[2112] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 00080E10 .text C:\Windows\system32\taskeng.exe[2112] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[2112] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 00090600 .text C:\Windows\system32\taskeng.exe[2112] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 00090804 .text C:\Windows\system32\taskeng.exe[2112] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 00090A08 .text C:\Windows\system32\taskeng.exe[2112] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 000901F8 .text C:\Windows\system32\taskeng.exe[2112] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 000903FC .text C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe[2196] KERNEL32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Windows\system32\svchost.exe[2288] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2288] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2288] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Windows\system32\svchost.exe[2288] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2288] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 00070600 .text 
C:\Windows\system32\svchost.exe[2288] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2288] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2288] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2288] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2288] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2288] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 000701F8 .text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[2300] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 001601F8 .text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[2300] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 001603FC .text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[2300] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[2300] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 002703FC .text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[2300] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 00270600 .text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[2300] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 00271014 .text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[2300] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 00270804 .text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[2300] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 00270A08 .text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[2300] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 00270C0C .text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[2300] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 00270E10 .text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[2300] 
ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 002701F8 .text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[2300] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 00280600 .text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[2300] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 00280804 .text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[2300] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 00280A08 .text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[2300] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 002801F8 .text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[2300] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 002803FC .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2340] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 000901F8 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2340] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 000903FC .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2340] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2340] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 000B03FC .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2340] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 000B0600 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2340] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 000B1014 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2340] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 000B0804 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2340] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 000B0A08 .text C:\Program Files\Microsoft 
Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2340] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 000B0C0C .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2340] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 000B0E10 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2340] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 000B01F8 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2340] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 000C0600 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2340] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 000C0804 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2340] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 000C0A08 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2340] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 000C01F8 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2340] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 000C03FC .text C:\Acer\Empowering Technology\ePower\ePowerSvc.exe[2396] KERNEL32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Windows\system32\taskeng.exe[2568] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskeng.exe[2568] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 000503FC .text C:\Windows\system32\taskeng.exe[2568] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Windows\system32\taskeng.exe[2568] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[2568] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[2568] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 00071014 .text 
C:\Windows\system32\taskeng.exe[2568] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[2568] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[2568] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[2568] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[2568] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[2568] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[2568] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[2568] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[2568] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[2568] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 000803FC .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2616] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 001E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 001E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtCreateFile + 6 7748424A 4 Bytes [28, 00, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtCreateFile + B 7748424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtMapViewOfSection + 6 7748499A 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtMapViewOfSection + 6 7748499A 4 Bytes [28, 03, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtMapViewOfSection + B 7748499F 1 
Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtOpenFile + 6 77484A2A 4 Bytes [68, 00, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtOpenFile + B 77484A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtOpenProcess + 6 77484AAA 4 Bytes [A8, 01, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtOpenProcess + B 77484AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtOpenProcessToken + 6 77484ABA 4 Bytes CALL 764867C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtOpenProcessToken + B 77484ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtOpenProcessTokenEx + 6 77484ACA 4 Bytes [A8, 02, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtOpenProcessTokenEx + B 77484ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtOpenThread + 6 77484B1A 4 Bytes [68, 01, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtOpenThread + B 77484B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtOpenThreadToken + 6 77484B2A 4 Bytes [68, 02, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtOpenThreadToken + B 77484B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtOpenThreadTokenEx + 6 77484B3A 4 Bytes CALL 76486841 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtOpenThreadTokenEx + B 77484B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] 
ntdll.dll!NtQueryAttributesFile + 6 77484BCA 4 Bytes [A8, 00, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtQueryAttributesFile + B 77484BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtQueryFullAttributesFile + 6 77484C7A 4 Bytes CALL 7648697F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtQueryFullAttributesFile + B 77484C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtSetInformationFile + 6 7748515A 4 Bytes [28, 01, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtSetInformationFile + B 7748515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtSetInformationThread + 6 774851AA 4 Bytes [28, 02, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtSetInformationThread + B 774851AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtUnmapViewOfSection + 6 7748544A 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtUnmapViewOfSection + 6 7748544A 4 Bytes [68, 03, 1D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ntdll.dll!NtUnmapViewOfSection + B 7748544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 002203FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 00220600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 00221014 .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[2644] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 00220804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 00220A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 00220C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 00220E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 002201F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 00230600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 00230804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 00230A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 002301F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2644] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 002303FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2736] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 000401F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2736] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 000403FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2736] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2736] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 000603FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2736] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 00060600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2736] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 00061014 .text C:\Program 
Files\Windows Media Player\wmpnetwk.exe[2736] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 00060804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2736] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 00060A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2736] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 00060C0C .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2736] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 00060E10 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2736] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2736] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 00070600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2736] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 00070804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2736] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 00070A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2736] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2736] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 000703FC .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2768] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 000501F8 .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2768] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 000503FC .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2768] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2768] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 00170600 .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2768] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 00170804 .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2768] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 00170A08 .text C:\Program 
Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2768] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2768] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 001703FC .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2768] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 001803FC .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2768] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 00180600 .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2768] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 00181014 .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2768] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 00180804 .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2768] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 00180A08 .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2768] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 00180C0C .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2768] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 00180E10 .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2768] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 001801F8 .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[2812] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 001401F8 .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[2812] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 001403FC .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[2812] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[2812] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 00160600 .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[2812] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 00160804 .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[2812] 
USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 00160A08 .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[2812] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 001601F8 .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[2812] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 001603FC .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[2812] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 001703FC .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[2812] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 00170600 .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[2812] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 00171014 .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[2812] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 00170804 .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[2812] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 00170A08 .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[2812] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 00170C0C .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[2812] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 00170E10 .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[2812] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 001701F8 .text C:\Windows\system32\wbem\unsecapp.exe[2840] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 000501F8 .text C:\Windows\system32\wbem\unsecapp.exe[2840] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 000503FC .text C:\Windows\system32\wbem\unsecapp.exe[2840] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Windows\system32\wbem\unsecapp.exe[2840] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\wbem\unsecapp.exe[2840] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\wbem\unsecapp.exe[2840] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 
00071014 .text C:\Windows\system32\wbem\unsecapp.exe[2840] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\wbem\unsecapp.exe[2840] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\wbem\unsecapp.exe[2840] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 00070C0C .text C:\Windows\system32\wbem\unsecapp.exe[2840] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\wbem\unsecapp.exe[2840] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\wbem\unsecapp.exe[2840] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 00080600 .text C:\Windows\system32\wbem\unsecapp.exe[2840] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 00080804 .text C:\Windows\system32\wbem\unsecapp.exe[2840] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\wbem\unsecapp.exe[2840] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\wbem\unsecapp.exe[2840] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 000803FC .text C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe[2880] KERNEL32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Windows\system32\wermgr.exe[2888] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 000501F8 .text C:\Windows\system32\wermgr.exe[2888] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 000503FC .text C:\Windows\system32\wermgr.exe[2888] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Windows\system32\wermgr.exe[2888] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 000C03FC .text C:\Windows\system32\wermgr.exe[2888] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 000C0600 .text C:\Windows\system32\wermgr.exe[2888] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 000C1014 .text C:\Windows\system32\wermgr.exe[2888] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 000C0804 .text C:\Windows\system32\wermgr.exe[2888] 
ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 000C0A08 .text C:\Windows\system32\wermgr.exe[2888] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 000C0C0C .text C:\Windows\system32\wermgr.exe[2888] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 000C0E10 .text C:\Windows\system32\wermgr.exe[2888] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 000C01F8 .text C:\Windows\system32\wermgr.exe[2888] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 008D0600 .text C:\Windows\system32\wermgr.exe[2888] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 008D0804 .text C:\Windows\system32\wermgr.exe[2888] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 008D0A08 .text C:\Windows\system32\wermgr.exe[2888] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 008D01F8 .text C:\Windows\system32\wermgr.exe[2888] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 008D03FC .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3016] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 001501F8 .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3016] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 001503FC .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3016] ntdll.dll!KiUserApcDispatcher 77485B78 5 Bytes JMP 0043A9F0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.) 
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3016] kernel32.dll!LoadLibraryExW + 173 75B393EF 4 Bytes JMP 71AC000A .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3016] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3016] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 00180600 .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3016] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 00180804 .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3016] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 00180A08 .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3016] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3016] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 001803FC .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3016] USER32.dll!InSendMessageEx + 3B1 76E3E6B0 6 Bytes JMP 71AE001E .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3016] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 003203FC .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3016] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 00320600 .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3016] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 00321014 .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3016] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 00320804 .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3016] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 00320A08 .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3016] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 00320C0C .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3016] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 00320E10 .text C:\Program 
Files\Trusteer\Rapport\bin\RapportService.exe[3016] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 003201F8 .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3016] WS2_32.dll!getaddrinfo 75AE418A 5 Bytes JMP 719E0022 .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3016] WS2_32.dll!gethostbyname 75AF62D4 5 Bytes JMP 71A60022 .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[3072] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 001401F8 .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[3072] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 001403FC .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[3072] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[3072] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 00160600 .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[3072] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 00160804 .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[3072] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 00160A08 .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[3072] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 001601F8 .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[3072] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 001603FC .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[3072] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 001703FC .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[3072] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 00170600 .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[3072] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 00171014 .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[3072] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 00170804 .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[3072] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 
Bytes JMP 00170A08 .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[3072] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 00170C0C .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[3072] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 00170E10 .text C:\Users\Jolemac\AppData\Local\Akamai\netsession_win.exe[3072] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 001701F8 .text C:\Acer\Empowering Technology\eNet\eNet Service.exe[3116] KERNEL32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3168] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 001401F8 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3168] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 001403FC .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3168] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3168] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 00160600 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3168] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 00160804 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3168] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 00160A08 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3168] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 001601F8 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3168] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 001603FC .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3168] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 001703FC .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3168] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 00170600 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3168] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes 
JMP 00171014 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3168] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 00170804 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3168] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 00170A08 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3168] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 00170C0C .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3168] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 00170E10 .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3168] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3296] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 001501F8 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3296] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3296] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3296] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 00290600 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3296] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 00290804 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3296] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 00290A08 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3296] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 002901F8 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3296] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 002903FC .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3296] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 002A03FC .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3296] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 002A0600 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3296] 
ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 002A1014 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3296] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 002A0804 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3296] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 002A0A08 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3296] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 002A0C0C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3296] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 002A0E10 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3296] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 002A01F8 .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3388] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3388] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3388] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3388] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 00170600 .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3388] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 00170804 .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3388] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 00170A08 .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3388] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3388] 
USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3388] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 001803FC .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3388] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3388] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 00181014 .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3388] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3388] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3388] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 00180C0C .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3388] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 00180E10 .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3388] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 001801F8 .text C:\ProgramData\MobileBrServ\mbbservice.exe[3408] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 000501F8 .text C:\ProgramData\MobileBrServ\mbbservice.exe[3408] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 000503FC .text C:\ProgramData\MobileBrServ\mbbservice.exe[3408] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\ProgramData\MobileBrServ\mbbservice.exe[3408] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 00070600 .text C:\ProgramData\MobileBrServ\mbbservice.exe[3408] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 
00070804 .text C:\ProgramData\MobileBrServ\mbbservice.exe[3408] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 00070A08 .text C:\ProgramData\MobileBrServ\mbbservice.exe[3408] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 000701F8 .text C:\ProgramData\MobileBrServ\mbbservice.exe[3408] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 000703FC .text C:\ProgramData\MobileBrServ\mbbservice.exe[3408] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 000803FC .text C:\ProgramData\MobileBrServ\mbbservice.exe[3408] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 00080600 .text C:\ProgramData\MobileBrServ\mbbservice.exe[3408] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 00081014 .text C:\ProgramData\MobileBrServ\mbbservice.exe[3408] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 00080804 .text C:\ProgramData\MobileBrServ\mbbservice.exe[3408] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 00080A08 .text C:\ProgramData\MobileBrServ\mbbservice.exe[3408] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 00080C0C .text C:\ProgramData\MobileBrServ\mbbservice.exe[3408] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 00080E10 .text C:\ProgramData\MobileBrServ\mbbservice.exe[3408] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 000801F8 .text C:\Acer\Mobility Center\MobilityService.exe[3456] KERNEL32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3496] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 000501F8 .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3496] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 000503FC .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3496] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3496] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 00070600 .text C:\Program Files\Norton Internet 
Security\Engine\19.1.0.28\ccSvcHst.exe[3496] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 00070804 .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3496] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 00070A08 .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3496] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3496] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 000703FC .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3496] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 000C03FC .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3496] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 000C0600 .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3496] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 000C1014 .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3496] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 000C0804 .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3496] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 000C0A08 .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3496] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 000C0C0C .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3496] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 000C0E10 .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3496] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 000C01F8 .text C:\Windows\system32\svchost.exe[3584] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[3584] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[3584] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text 
C:\Windows\system32\svchost.exe[3584] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\svchost.exe[3584] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\svchost.exe[3584] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\svchost.exe[3584] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\svchost.exe[3584] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\svchost.exe[3584] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\svchost.exe[3584] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\svchost.exe[3584] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\svchost.exe[3584] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 00A80600 .text C:\Windows\system32\svchost.exe[3584] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 00A80804 .text C:\Windows\system32\svchost.exe[3584] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 00A80A08 .text C:\Windows\system32\svchost.exe[3584] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 00A801F8 .text C:\Windows\system32\svchost.exe[3584] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 00A803FC .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3676] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 001401F8 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3676] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 001403FC .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3676] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3676] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 00260600 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3676] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 00260804 .text C:\Program 
Files\CyberLink\Shared Files\RichVideo.exe[3676] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 00260A08 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3676] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 002601F8 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3676] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 002603FC .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3676] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 002703FC .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3676] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 00270600 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3676] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 00271014 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3676] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 00270804 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3676] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 00270A08 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3676] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 00270C0C .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3676] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 00270E10 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3676] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 002701F8 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3736] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 000901F8 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3736] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 000903FC .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3736] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3736] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 000B03FC .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3736] ADVAPI32.dll!DeleteService 
75FEA07E 5 Bytes JMP 000B0600 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3736] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 000B1014 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3736] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 000B0804 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3736] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 000B0A08 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3736] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 000B0C0C .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3736] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 000B0E10 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3736] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 000B01F8 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3736] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 009B0600 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3736] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 009B0804 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3736] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 009B0A08 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3736] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 009B01F8 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3736] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 009B03FC .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3756] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 000D01F8 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3756] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 000D03FC .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3756] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3756] 
ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 000F03FC .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3756] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 000F0600 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3756] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 000F1014 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3756] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 000F0804 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3756] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 000F0A08 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3756] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 000F0C0C .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3756] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 000F0E10 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3756] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 000F01F8 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3756] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 00100600 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3756] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 00100804 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3756] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 00100A08 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3756] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 001001F8 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3756] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 001003FC .text C:\Windows\system32\svchost.exe[3820] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[3820] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[3820] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text 
C:\Windows\system32\svchost.exe[3820] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[3820] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[3820] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[3820] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[3820] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[3820] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[3820] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[3820] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 000701F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3844] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 000501F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3844] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 000503FC .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3844] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3844] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 000703FC .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3844] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 00070600 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3844] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 00071014 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3844] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 00070804 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3844] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 00070A08 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3844] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 00070C0C .text C:\Program Files\Windows Media 
Player\wmpnscfg.exe[3844] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 00070E10 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3844] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 000701F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3844] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 00090600 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3844] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 00090804 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3844] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 00090A08 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3844] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 000901F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3844] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 000903FC .text C:\Windows\System32\svchost.exe[3852] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[3852] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[3852] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Windows\System32\svchost.exe[3852] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 000803FC .text C:\Windows\System32\svchost.exe[3852] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 00080600 .text C:\Windows\System32\svchost.exe[3852] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 00081014 .text C:\Windows\System32\svchost.exe[3852] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 00080804 .text C:\Windows\System32\svchost.exe[3852] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 00080A08 .text C:\Windows\System32\svchost.exe[3852] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 00080C0C .text C:\Windows\System32\svchost.exe[3852] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 00080E10 .text C:\Windows\System32\svchost.exe[3852] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 000801F8 .text 
C:\Windows\system32\SearchIndexer.exe[3872] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 000501F8 .text C:\Windows\system32\SearchIndexer.exe[3872] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 000503FC .text C:\Windows\system32\SearchIndexer.exe[3872] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[3872] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\SearchIndexer.exe[3872] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\SearchIndexer.exe[3872] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\SearchIndexer.exe[3872] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\SearchIndexer.exe[3872] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\SearchIndexer.exe[3872] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 00070C0C .text C:\Windows\system32\SearchIndexer.exe[3872] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\SearchIndexer.exe[3872] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\SearchIndexer.exe[3872] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 00090600 .text C:\Windows\system32\SearchIndexer.exe[3872] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 00090804 .text C:\Windows\system32\SearchIndexer.exe[3872] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 00090A08 .text C:\Windows\system32\SearchIndexer.exe[3872] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 000901F8 .text C:\Windows\system32\SearchIndexer.exe[3872] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 000903FC .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3992] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 000501F8 .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3992] ntdll.dll!LdrUnloadDll 7745B680 5 
Bytes JMP 000503FC .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3992] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3992] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 00170600 .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3992] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 00170804 .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3992] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 00170A08 .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3992] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3992] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 001703FC .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3992] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 001803FC .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3992] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 00180600 .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3992] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 00181014 .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3992] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 00180804 .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3992] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 00180A08 .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3992] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 00180C0C .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3992] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 00180E10 .text C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe[3992] 
ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 001801F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4104] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 000501F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4104] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 000503FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4104] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4104] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 00A303FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4104] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 00A30600 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4104] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 00A31014 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4104] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 00A30804 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4104] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 00A30A08 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4104] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 00A30C0C .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4104] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 00A30E10 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4104] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 00A301F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4104] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 00A40600 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4104] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 00A40804 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4104] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 00A40A08 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4104] 
USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 00A401F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4104] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 00A403FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 002F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 002F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtCreateFile + 6 7748424A 4 Bytes [28, 00, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtCreateFile + B 7748424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtMapViewOfSection + 6 7748499A 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtMapViewOfSection + 6 7748499A 4 Bytes [28, 03, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtMapViewOfSection + B 7748499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtOpenFile + 6 77484A2A 4 Bytes [68, 00, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtOpenFile + B 77484A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtOpenProcess + 6 77484AAA 4 Bytes [A8, 01, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtOpenProcess + B 77484AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtOpenProcessToken + 6 77484ABA 4 Bytes CALL 764877C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtOpenProcessToken + B 77484ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtOpenProcessTokenEx + 6 77484ACA 4 Bytes [A8, 02, 2D, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtOpenProcessTokenEx + B 77484ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtOpenThread + 6 77484B1A 4 Bytes [68, 01, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtOpenThread + B 77484B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtOpenThreadToken + 6 77484B2A 4 Bytes [68, 02, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtOpenThreadToken + B 77484B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtOpenThreadTokenEx + 6 77484B3A 4 Bytes CALL 76487841 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtOpenThreadTokenEx + B 77484B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtQueryAttributesFile + 6 77484BCA 4 Bytes [A8, 00, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtQueryAttributesFile + B 77484BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtQueryFullAttributesFile + 6 77484C7A 4 Bytes CALL 7648797F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtQueryFullAttributesFile + B 77484C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtSetInformationFile + 6 7748515A 4 Bytes [28, 01, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtSetInformationFile + B 7748515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtSetInformationThread + 6 774851AA 4 Bytes [28, 02, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] 
ntdll.dll!NtSetInformationThread + B 774851AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtUnmapViewOfSection + 6 7748544A 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtUnmapViewOfSection + 6 7748544A 4 Bytes [68, 03, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ntdll.dll!NtUnmapViewOfSection + B 7748544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 003303FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 00330600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 00331014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 00330804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 00330A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 00330C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 00330E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 003301F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 00340600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 00340804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 00340A08 .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[4884] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 003401F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4884] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 003403FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 000501F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 000503FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ntdll.dll!NtMapViewOfSection 77484994 5 Bytes JMP 719B0022 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ntdll.dll!KiUserApcDispatcher + E 77485B86 5 Bytes JMP 01BCE2B0 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.) .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] kernel32.dll!CreateProcessW 75B11BF3 6 Bytes PUSH 71420022; RET .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] kernel32.dll!CreateNamedPipeW 75B15C0C 6 Bytes PUSH 714E0022; RET .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] kernel32.dll!CancelIo 75B1BAE4 6 Bytes PUSH 71560022; RET .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] kernel32.dll!LoadLibraryExW + 173 75B393EF 4 Bytes JMP 71AC000A .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] kernel32.dll!CreateIoCompletionPort 75B39D54 6 Bytes PUSH 714A0022; RET .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] kernel32.dll!SetUnhandledExceptionFilter 75B3A8C5 6 Bytes PUSH 719F0022; RET .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] kernel32.dll!ReadFile 75B4F0D3 6 Bytes PUSH 71460022; RET .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] kernel32.dll!WriteFile 75B5ABE1 6 Bytes PUSH 71520022; RET .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] kernel32.dll!CloseHandle 75B5B0AD 6 Bytes PUSH 715B0022; RET .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5084] kernel32.dll!GetQueuedCompletionStatus 75B5D315 6 Bytes PUSH 715F0022; RET .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ADVAPI32.dll!CreateProcessAsUserW 75FC1EE9 6 Bytes PUSH 713E0022; RET .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 000803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 00080600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 00081014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 00080804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 00080A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 00080C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 00080E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 000801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] WS2_32.dll!getaddrinfo 75AE418A 5 Bytes JMP 71670022 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] GDI32.dll!BitBlt 770C70A6 6 Bytes PUSH 71850022; RET .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] GDI32.dll!StretchDIBits 770C78CF 6 Bytes PUSH 71810022; RET .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 00090600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] USER32.dll!SetWindowsHookExW 76E387AD 
5 Bytes JMP 00090804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 00090A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 000901F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] USER32.dll!SetParent 76E3A2AA 6 Bytes PUSH 71770022; RET .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 000903FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] USER32.dll!ShowWindow 76E3CA10 6 Bytes PUSH 716F0022; RET .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] USER32.dll!RegisterClassExW 76E3DA30 6 Bytes PUSH 71AE0022; RET .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] USER32.dll!CreateWindowExA 76E3DC2A 6 Bytes JMP 718E000A .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] USER32.dll!RegisterClassW 76E3E1AB 6 Bytes PUSH 71A60022; RET .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] USER32.dll!CreateWindowExW 76E41305 6 Bytes JMP 7192000A .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] USER32.dll!SetWindowLongW 76E413B4 6 Bytes PUSH 71730022; RET .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] USER32.dll!TranslateMessage 76E501AD 6 Bytes PUSH 716B0022; RET .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] USER32.dll!PeekMessageW 76E5045A 6 Bytes PUSH 71970022; RET .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] USER32.dll!GetClipboardData 76E7715A 6 Bytes PUSH 717D0022; RET .text C:\Program Files\Google\Chrome\Application\chrome.exe[5084] CRYPT32.dll!CertVerifyCertificateChainPolicy 7542D3E7 6 Bytes PUSH 71890022; RET .text C:\Windows\system32\DllHost.exe[5340] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 000501F8 .text C:\Windows\system32\DllHost.exe[5340] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 000503FC 
.text C:\Windows\system32\DllHost.exe[5340] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Windows\system32\DllHost.exe[5340] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 00060600 .text C:\Windows\system32\DllHost.exe[5340] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 00060804 .text C:\Windows\system32\DllHost.exe[5340] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 00060A08 .text C:\Windows\system32\DllHost.exe[5340] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 000601F8 .text C:\Windows\system32\DllHost.exe[5340] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 000603FC .text C:\Windows\system32\DllHost.exe[5340] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\DllHost.exe[5340] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\DllHost.exe[5340] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\DllHost.exe[5340] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\DllHost.exe[5340] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\DllHost.exe[5340] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 00070C0C .text C:\Windows\system32\DllHost.exe[5340] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\DllHost.exe[5340] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 000701F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 002D01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 002D03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!NtCreateFile + 6 7748424A 4 Bytes [28, 00, 2B, 00] {SUB [EAX], AL; SUB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!NtCreateFile + B 7748424F 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!NtMapViewOfSection + 6 7748499A 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!NtMapViewOfSection + 6 7748499A 4 Bytes [28, 03, 2B, 00] {SUB [EBX], AL; SUB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!NtMapViewOfSection + B 7748499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!NtOpenFile + 6 77484A2A 4 Bytes [68, 00, 2B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!NtOpenFile + B 77484A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!NtOpenProcess + 6 77484AAA 4 Bytes [A8, 01, 2B, 00] {TEST AL, 0x1; SUB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!NtOpenProcess + B 77484AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!NtOpenProcessToken + 6 77484ABA 4 Bytes CALL 764875C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!NtOpenProcessToken + B 77484ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!NtOpenProcessTokenEx + 6 77484ACA 4 Bytes [A8, 02, 2B, 00] {TEST AL, 0x2; SUB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!NtOpenProcessTokenEx + B 77484ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!NtOpenThread + 6 77484B1A 4 Bytes [68, 01, 2B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!NtOpenThread + B 77484B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!NtOpenThreadToken + 6 77484B2A 4 Bytes [68, 02, 2B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!NtOpenThreadToken + B 77484B2F 1 
Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!NtOpenThreadTokenEx + 6 77484B3A 4 Bytes CALL 76487641 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!NtOpenThreadTokenEx + B 77484B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!NtQueryAttributesFile + 6 77484BCA 4 Bytes [A8, 00, 2B, 00] {TEST AL, 0x0; SUB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!NtQueryAttributesFile + B 77484BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!NtQueryFullAttributesFile + 6 77484C7A 4 Bytes CALL 7648777F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!NtQueryFullAttributesFile + B 77484C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!NtSetInformationFile + 6 7748515A 4 Bytes [28, 01, 2B, 00] {SUB [ECX], AL; SUB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!NtSetInformationFile + B 7748515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!NtSetInformationThread + 6 774851AA 4 Bytes [28, 02, 2B, 00] {SUB [EDX], AL; SUB EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!NtSetInformationThread + B 774851AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!NtUnmapViewOfSection + 6 7748544A 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!NtUnmapViewOfSection + 6 7748544A 4 Bytes [68, 03, 2B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ntdll.dll!NtUnmapViewOfSection + B 7748544F 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5872] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 004103FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 00410600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 00411014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 00410804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 00410A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 00410C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 00410E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 004101F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 007E0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 007E0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 007E0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 007E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5872] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 007E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!LdrLoadDll 77449378 5 Bytes JMP 003601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!LdrUnloadDll 7745B680 5 Bytes JMP 003603FC .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtCreateFile + 6 7748424A 4 Bytes [28, 00, 34, 00] {SUB [EAX], AL; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtCreateFile + B 7748424F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtMapViewOfSection + 6 7748499A 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtMapViewOfSection + 6 7748499A 4 Bytes [28, 03, 34, 00] {SUB [EBX], AL; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtMapViewOfSection + B 7748499F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtOpenFile + 6 77484A2A 4 Bytes [68, 00, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtOpenFile + B 77484A2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtOpenProcess + 6 77484AAA 4 Bytes [A8, 01, 34, 00] {TEST AL, 0x1; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtOpenProcess + B 77484AAF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtOpenProcessToken + 6 77484ABA 4 Bytes CALL 76487EC0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtOpenProcessToken + B 77484ABF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtOpenProcessTokenEx + 6 77484ACA 4 Bytes [A8, 02, 34, 00] {TEST AL, 0x2; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtOpenProcessTokenEx + B 77484ACF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtOpenThread + 6 77484B1A 4 Bytes [68, 01, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] 
ntdll.dll!NtOpenThread + B 77484B1F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtOpenThreadToken + 6 77484B2A 4 Bytes [68, 02, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtOpenThreadToken + B 77484B2F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtOpenThreadTokenEx + 6 77484B3A 4 Bytes CALL 76487F41 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtOpenThreadTokenEx + B 77484B3F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtQueryAttributesFile + 6 77484BCA 4 Bytes [A8, 00, 34, 00] {TEST AL, 0x0; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtQueryAttributesFile + B 77484BCF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtQueryFullAttributesFile + 6 77484C7A 4 Bytes CALL 7648807F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtQueryFullAttributesFile + B 77484C7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtSetInformationFile + 6 7748515A 4 Bytes [28, 01, 34, 00] {SUB [ECX], AL; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtSetInformationFile + B 7748515F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtSetInformationThread + 6 774851AA 4 Bytes [28, 02, 34, 00] {SUB [EDX], AL; XOR AL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtSetInformationThread + B 774851AF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtUnmapViewOfSection + 6 7748544A 1 Byte [68] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtUnmapViewOfSection + 6 7748544A 4 Bytes [68, 03, 34, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtUnmapViewOfSection + B 7748544F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] kernel32.dll!GetBinaryTypeW + 70 75B62467 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ADVAPI32.dll!CreateServiceW 75FE9EB4 5 Bytes JMP 003A03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ADVAPI32.dll!DeleteService 75FEA07E 5 Bytes JMP 003A0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ADVAPI32.dll!SetServiceObjectSecurity 76026CD9 5 Bytes JMP 003A1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ADVAPI32.dll!ChangeServiceConfigA 76026DD9 5 Bytes JMP 003A0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ADVAPI32.dll!ChangeServiceConfigW 76026F81 5 Bytes JMP 003A0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ADVAPI32.dll!ChangeServiceConfig2A 76027099 5 Bytes JMP 003A0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ADVAPI32.dll!ChangeServiceConfig2W 760271E1 5 Bytes JMP 003A0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] ADVAPI32.dll!CreateServiceA 760272A1 5 Bytes JMP 003A01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] USER32.dll!SetWindowsHookExA 76E36322 5 Bytes JMP 003B0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] USER32.dll!SetWindowsHookExW 76E387AD 5 Bytes JMP 003B0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] USER32.dll!UnhookWindowsHookEx 76E398DB 5 Bytes JMP 003B0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] USER32.dll!SetWinEventHook 76E39F3A 5 Bytes JMP 003B01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5900] USER32.dll!UnhookWinEvent 76E3C06F 5 Bytes JMP 
003B03FC

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[772] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00130002
IAT C:\Windows\system32\services.exe[772] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00130000
IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [72C5F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[2616] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [72C5F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2644] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[4884] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[5872] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[5900] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----