GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-05-17 19:25:02 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB Running: 97o78b1e.exe; Driver: C:\Users\Merix\AppData\Local\Temp\awddikob.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800031eb000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff800031eb02f 23 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[500] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text C:\Windows\system32\services.exe[568] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text C:\Windows\system32\winlogon.exe[600] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[744] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text C:\Windows\system32\atiesrxx.exe[880] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[952] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[1008] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[272] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[376] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text C:\Program Files\IDT\WDM\STacSV64.exe[444] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1164] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE[1364] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text C:\Windows\system32\WLANExt.exe[1372] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe[1484] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1724] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text C:\Windows\system32\taskhost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077243ae0 5 bytes JMP 00000001001d075c .text C:\Windows\system32\taskhost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077247a90 5 bytes JMP 00000001001d03a4 .text C:\Windows\system32\taskhost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077271490 5 bytes JMP 00000001001d0b14 .text C:\Windows\system32\taskhost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772714f0 5 bytes JMP 00000001001d0ecc .text C:\Windows\system32\taskhost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772715d0 5 bytes JMP 00000001001d163c .text C:\Windows\system32\taskhost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077271810 5 bytes JMP 00000001001d1284 .text C:\Windows\system32\taskhost.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077272840 5 bytes JMP 00000001001d19f4 .text C:\Windows\system32\taskhost.exe[2100] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text C:\Windows\system32\taskhost.exe[2100] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd986e00 5 bytes JMP 000007ff7d9a1dac .text C:\Windows\system32\taskhost.exe[2100] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd986f2c 5 bytes JMP 000007ff7d9a0ecc .text C:\Windows\system32\taskhost.exe[2100] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd987220 5 bytes JMP 000007ff7d9a1284 .text C:\Windows\system32\taskhost.exe[2100] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd98739c 5 bytes JMP 000007ff7d9a163c .text C:\Windows\system32\taskhost.exe[2100] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd987538 5 bytes JMP 000007ff7d9a19f4 .text C:\Windows\system32\taskhost.exe[2100] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd9875e8 5 bytes JMP 000007ff7d9a03a4 .text C:\Windows\system32\taskhost.exe[2100] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd98790c 5 bytes JMP 000007ff7d9a075c .text C:\Windows\system32\taskhost.exe[2100] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd987ab4 5 bytes JMP 000007ff7d9a0b14 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077243ae0 5 bytes JMP 00000001001e075c .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077247a90 5 bytes JMP 00000001001e03a4 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077271490 5 bytes JMP 00000001001e0b14 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772714f0 5 bytes JMP 00000001001e0ecc .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772715d0 5 bytes JMP 00000001001e163c .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077271810 5 bytes JMP 00000001001e1284 .text C:\Windows\system32\Dwm.exe[2204] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077272840 5 bytes JMP 00000001001e19f4 .text C:\Windows\system32\taskeng.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077243ae0 5 bytes JMP 000000010011075c .text C:\Windows\system32\taskeng.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077247a90 5 bytes JMP 00000001001103a4 .text C:\Windows\system32\taskeng.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077271490 5 bytes JMP 0000000100110b14 .text C:\Windows\system32\taskeng.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772714f0 5 bytes JMP 0000000100110ecc .text C:\Windows\system32\taskeng.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772715d0 5 bytes JMP 000000010011163c .text C:\Windows\system32\taskeng.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077271810 5 bytes JMP 0000000100111284 .text C:\Windows\system32\taskeng.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077272840 5 bytes JMP 00000001001119f4 .text C:\Windows\Explorer.EXE[2352] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077243ae0 5 bytes JMP 00000001001c075c .text C:\Windows\Explorer.EXE[2352] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077247a90 5 bytes JMP 00000001001c03a4 .text C:\Windows\Explorer.EXE[2352] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077271490 5 bytes JMP 00000001001c0b14 .text C:\Windows\Explorer.EXE[2352] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772714f0 5 bytes JMP 00000001001c0ecc .text C:\Windows\Explorer.EXE[2352] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772715d0 5 bytes JMP 00000001001c163c .text C:\Windows\Explorer.EXE[2352] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077271810 5 bytes JMP 00000001001c1284 .text C:\Windows\Explorer.EXE[2352] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077272840 5 bytes JMP 00000001001c19f4 .text C:\Windows\Explorer.EXE[2352] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text C:\Windows\Explorer.EXE[2352] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd986e00 5 bytes JMP 000007ff7d9a1dac .text C:\Windows\Explorer.EXE[2352] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd986f2c 5 bytes JMP 000007ff7d9a0ecc .text C:\Windows\Explorer.EXE[2352] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd987220 5 bytes JMP 000007ff7d9a1284 .text C:\Windows\Explorer.EXE[2352] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd98739c 5 bytes JMP 000007ff7d9a163c .text C:\Windows\Explorer.EXE[2352] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd987538 5 bytes JMP 000007ff7d9a19f4 .text C:\Windows\Explorer.EXE[2352] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd9875e8 5 bytes JMP 000007ff7d9a03a4 .text C:\Windows\Explorer.EXE[2352] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd98790c 5 bytes JMP 000007ff7d9a075c .text C:\Windows\Explorer.EXE[2352] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd987ab4 5 bytes JMP 000007ff7d9a0b14 .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077243ae0 5 bytes JMP 000000010021075c .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077247a90 5 bytes JMP 00000001002103a4 .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077271490 5 bytes JMP 0000000100210b14 .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772714f0 5 bytes JMP 0000000100210ecc .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772715d0 5 bytes JMP 000000010021163c .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077271810 5 bytes JMP 0000000100211284 .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077272840 5 bytes JMP 00000001002119f4 .text C:\Windows\system32\svchost.exe[2452] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd986e00 5 bytes JMP 000007ff7d9a1dac .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd986f2c 5 bytes JMP 000007ff7d9a0ecc .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd987220 5 bytes JMP 000007ff7d9a1284 .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd98739c 5 bytes JMP 000007ff7d9a163c .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd987538 5 bytes JMP 000007ff7d9a19f4 .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd9875e8 5 bytes JMP 000007ff7d9a03a4 .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd98790c 5 bytes JMP 000007ff7d9a075c .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd987ab4 5 bytes JMP 000007ff7d9a0b14 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2600] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007741faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2600] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007741fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2600] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007741fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2600] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077420018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2600] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077421900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2600] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007743c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2600] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077441217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2600] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007579a30a 1 byte [62] .text C:\Windows\system32\lxeacoms.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077243ae0 5 bytes JMP 000000010023075c .text C:\Windows\system32\lxeacoms.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077247a90 5 bytes JMP 00000001002303a4 .text C:\Windows\system32\lxeacoms.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077271490 5 bytes JMP 0000000100230b14 .text C:\Windows\system32\lxeacoms.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772714f0 5 bytes JMP 0000000100230ecc .text C:\Windows\system32\lxeacoms.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772715d0 5 bytes JMP 000000010023163c .text C:\Windows\system32\lxeacoms.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077271810 5 bytes JMP 0000000100231284 .text C:\Windows\system32\lxeacoms.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077272840 5 bytes JMP 00000001002319f4 .text C:\Windows\system32\lxeacoms.exe[2636] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text C:\Windows\system32\lxeacoms.exe[2636] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd986e00 5 bytes JMP 000007ff7d9a1dac .text C:\Windows\system32\lxeacoms.exe[2636] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd986f2c 5 bytes JMP 000007ff7d9a0ecc .text C:\Windows\system32\lxeacoms.exe[2636] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd987220 5 bytes JMP 000007ff7d9a1284 .text C:\Windows\system32\lxeacoms.exe[2636] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd98739c 5 bytes JMP 000007ff7d9a163c .text C:\Windows\system32\lxeacoms.exe[2636] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd987538 5 bytes JMP 000007ff7d9a19f4 .text C:\Windows\system32\lxeacoms.exe[2636] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd9875e8 5 bytes JMP 000007ff7d9a03a4 .text C:\Windows\system32\lxeacoms.exe[2636] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd98790c 5 bytes JMP 000007ff7d9a075c .text C:\Windows\system32\lxeacoms.exe[2636] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd987ab4 5 bytes JMP 000007ff7d9a0b14 .text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1784] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007741faa0 5 bytes JMP 0000000100030600 .text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1784] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007741fb38 5 bytes JMP 0000000100030804 .text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1784] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007741fc90 5 bytes JMP 0000000100030c0c .text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1784] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077420018 5 bytes JMP 0000000100030a08 .text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1784] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077421900 5 bytes JMP 0000000100030e10 .text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1784] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007743c45a 5 bytes JMP 00000001000301f8 .text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1784] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077441217 5 bytes JMP 00000001000303fc .text c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[1784] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007579a30a 1 byte [62] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2976] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007741faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2976] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007741fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2976] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007741fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2976] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077420018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2976] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077421900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2976] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007743c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2976] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077441217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2976] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007579a30a 1 byte [62] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2976] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074f7ee09 5 bytes JMP 00000001000e01f8 .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2976] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074f83982 5 bytes JMP 00000001000e03fc .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2976] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074f87603 5 bytes JMP 00000001000e0804 .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2976] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074f8835c 5 bytes JMP 00000001000e0600 .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2976] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074f9f52b 5 bytes JMP 00000001000e0a08 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2256] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007741faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2256] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007741fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2256] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007741fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2256] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077420018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2256] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077421900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2256] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007743c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2256] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077441217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2256] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007579a30a 1 byte [62] .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3136] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077243ae0 5 bytes JMP 000000010053075c .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3136] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077247a90 5 bytes JMP 00000001005303a4 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3136] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077271490 5 bytes JMP 0000000100530b14 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3136] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772714f0 5 bytes JMP 0000000100530ecc .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772715d0 5 bytes JMP 000000010053163c .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3136] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077271810 5 bytes JMP 0000000100531284 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3136] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077272840 5 bytes JMP 00000001005319f4 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3136] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3136] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd986e00 5 bytes JMP 000007ff7d9a1dac .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3136] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd986f2c 5 bytes JMP 000007ff7d9a0ecc .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3136] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd987220 5 bytes JMP 000007ff7d9a1284 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3136] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd98739c 5 bytes JMP 000007ff7d9a163c .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3136] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd987538 5 bytes JMP 000007ff7d9a19f4 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3136] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd9875e8 5 bytes JMP 000007ff7d9a03a4 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3136] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd98790c 5 bytes JMP 000007ff7d9a075c .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3136] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd987ab4 5 bytes JMP 000007ff7d9a0b14 .text C:\Windows\system32\svchost.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077243ae0 5 bytes JMP 000000010027075c .text C:\Windows\system32\svchost.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077247a90 5 bytes JMP 00000001002703a4 .text C:\Windows\system32\svchost.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077271490 5 bytes JMP 0000000100270b14 .text C:\Windows\system32\svchost.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772714f0 5 bytes JMP 0000000100270ecc .text C:\Windows\system32\svchost.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772715d0 5 bytes JMP 000000010027163c .text C:\Windows\system32\svchost.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077271810 5 bytes JMP 0000000100271284 .text C:\Windows\system32\svchost.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077272840 5 bytes JMP 00000001002719f4 .text C:\Windows\system32\svchost.exe[3156] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[3156] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd986e00 5 bytes JMP 000007ff7d9a1dac .text C:\Windows\system32\svchost.exe[3156] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd986f2c 5 bytes JMP 000007ff7d9a0ecc .text C:\Windows\system32\svchost.exe[3156] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd987220 5 bytes JMP 000007ff7d9a1284 .text C:\Windows\system32\svchost.exe[3156] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd98739c 5 bytes JMP 000007ff7d9a163c .text C:\Windows\system32\svchost.exe[3156] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd987538 5 bytes JMP 000007ff7d9a19f4 .text C:\Windows\system32\svchost.exe[3156] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd9875e8 5 bytes JMP 000007ff7d9a03a4 .text C:\Windows\system32\svchost.exe[3156] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd98790c 5 bytes JMP 000007ff7d9a075c .text C:\Windows\system32\svchost.exe[3156] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd987ab4 5 bytes JMP 000007ff7d9a0b14 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077243ae0 5 bytes JMP 00000001003d075c .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077247a90 5 bytes JMP 00000001003d03a4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077271490 5 bytes JMP 00000001003d0b14 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772714f0 5 bytes JMP 00000001003d0ecc .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772715d0 5 bytes JMP 00000001003d163c .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077271810 5 bytes JMP 00000001003d1284 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077272840 5 bytes JMP 00000001003d19f4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd986e00 5 bytes JMP 000007ff7d9a1dac .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd986f2c 5 bytes JMP 000007ff7d9a0ecc .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd987220 5 bytes JMP 000007ff7d9a1284 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd98739c 5 bytes JMP 000007ff7d9a163c .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd987538 5 bytes JMP 000007ff7d9a19f4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd9875e8 5 bytes JMP 000007ff7d9a03a4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd98790c 5 bytes JMP 000007ff7d9a075c .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3200] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd987ab4 5 bytes JMP 000007ff7d9a0b14 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3272] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007741faa0 5 bytes JMP 00000001000b0600 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3272] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007741fb38 5 bytes JMP 00000001000b0804 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3272] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007741fc90 5 bytes JMP 00000001000b0c0c .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3272] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077420018 5 bytes JMP 00000001000b0a08 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3272] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077421900 5 bytes JMP 00000001000b0e10 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3272] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007743c45a 5 bytes JMP 00000001000b01f8 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3272] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077441217 5 bytes JMP 00000001000b03fc .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3272] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007579a30a 1 byte [62] .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3272] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076f95181 5 bytes JMP 0000000100111014 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3272] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076f95254 5 bytes JMP 0000000100110804 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3272] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076f953d5 5 bytes JMP 0000000100110a08 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3272] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076f954c2 5 bytes JMP 0000000100110c0c .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3272] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076f955e2 5 bytes JMP 0000000100110e10 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3272] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076f9567c 5 bytes JMP 00000001001101f8 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3272] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076f9589f 5 bytes JMP 00000001001103fc .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3272] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076f95a22 5 bytes JMP 0000000100110600 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3580] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007741faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3580] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007741fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3580] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007741fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3580] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077420018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3580] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077421900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3580] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007743c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3580] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077441217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3580] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007579a30a 1 byte [62] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3580] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074f7ee09 5 bytes JMP 00000001001101f8 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3580] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074f83982 5 bytes JMP 00000001001103fc .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3580] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074f87603 5 bytes JMP 0000000100110804 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3580] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074f8835c 5 bytes JMP 0000000100110600 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3580] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074f9f52b 5 bytes JMP 0000000100110a08 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3696] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007741faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3696] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007741fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3696] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007741fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3696] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077420018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3696] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077421900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3696] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007743c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3696] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077441217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3696] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007579a30a 1 byte [62] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3696] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074f7ee09 5 bytes JMP 00000001001901f8 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3696] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074f83982 5 bytes JMP 00000001001903fc .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3696] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074f87603 5 bytes JMP 0000000100190804 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3696] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074f8835c 5 bytes JMP 0000000100190600 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3696] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074f9f52b 5 bytes JMP 0000000100190a08 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3896] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007741faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3896] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007741fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3896] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007741fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3896] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077420018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3896] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077421900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3896] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007743c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3896] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077441217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3896] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007579a30a 1 byte [62] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3960] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007741faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3960] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007741fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3960] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007741fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3960] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077420018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3960] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077421900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3960] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007743c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3960] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077441217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3960] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007579a30a 1 byte [62] .text C:\Windows\system32\svchost.exe[4212] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd986e00 5 bytes JMP 000007ff7d9a1dac .text C:\Windows\system32\svchost.exe[4212] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd986f2c 5 bytes JMP 000007ff7d9a0ecc .text C:\Windows\system32\svchost.exe[4212] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd987220 5 bytes JMP 000007ff7d9a1284 .text C:\Windows\system32\svchost.exe[4212] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd98739c 5 bytes JMP 000007ff7d9a163c .text C:\Windows\system32\svchost.exe[4212] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd987538 5 bytes JMP 000007ff7d9a19f4 .text C:\Windows\system32\svchost.exe[4212] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd9875e8 5 bytes JMP 000007ff7d9a03a4 .text C:\Windows\system32\svchost.exe[4212] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd98790c 5 bytes JMP 000007ff7d9a075c .text C:\Windows\system32\svchost.exe[4212] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd987ab4 5 bytes JMP 000007ff7d9a0b14 .text C:\Program Files\Dell\QuickSet\quickset.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077243ae0 5 bytes JMP 00000001002c075c .text C:\Program Files\Dell\QuickSet\quickset.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077247a90 5 bytes JMP 00000001002c03a4 .text C:\Program Files\Dell\QuickSet\quickset.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077271490 5 bytes JMP 00000001002c0b14 .text C:\Program Files\Dell\QuickSet\quickset.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772714f0 5 bytes JMP 00000001002c0ecc .text C:\Program Files\Dell\QuickSet\quickset.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772715d0 5 bytes JMP 00000001002c163c .text C:\Program Files\Dell\QuickSet\quickset.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077271810 5 bytes JMP 00000001002c1284 .text C:\Program Files\Dell\QuickSet\quickset.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077272840 5 bytes JMP 00000001002c19f4 .text C:\Program Files\Dell\QuickSet\quickset.exe[4724] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text C:\Program Files\Dell\QuickSet\quickset.exe[4724] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd986e00 5 bytes JMP 000007ff7d9a1dac .text C:\Program Files\Dell\QuickSet\quickset.exe[4724] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd986f2c 5 bytes JMP 000007ff7d9a0ecc .text C:\Program Files\Dell\QuickSet\quickset.exe[4724] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd987220 5 bytes JMP 000007ff7d9a1284 .text C:\Program Files\Dell\QuickSet\quickset.exe[4724] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd98739c 5 bytes JMP 000007ff7d9a163c .text C:\Program Files\Dell\QuickSet\quickset.exe[4724] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd987538 5 bytes JMP 000007ff7d9a19f4 .text C:\Program Files\Dell\QuickSet\quickset.exe[4724] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd9875e8 5 bytes JMP 000007ff7d9a03a4 .text C:\Program Files\Dell\QuickSet\quickset.exe[4724] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd98790c 5 bytes JMP 000007ff7d9a075c .text C:\Program Files\Dell\QuickSet\quickset.exe[4724] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd987ab4 5 bytes JMP 000007ff7d9a0b14 .text C:\Program Files\IDT\WDM\sttray64.exe[4736] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text C:\Program Files\IDT\WDM\sttray64.exe[4736] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd986e00 5 bytes JMP 000007ff7d9a1dac .text C:\Program Files\IDT\WDM\sttray64.exe[4736] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd986f2c 5 bytes JMP 000007ff7d9a0ecc .text C:\Program Files\IDT\WDM\sttray64.exe[4736] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd987220 5 bytes JMP 000007ff7d9a1284 .text C:\Program Files\IDT\WDM\sttray64.exe[4736] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd98739c 5 bytes JMP 000007ff7d9a163c .text C:\Program Files\IDT\WDM\sttray64.exe[4736] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd987538 5 bytes JMP 000007ff7d9a19f4 .text C:\Program Files\IDT\WDM\sttray64.exe[4736] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd9875e8 5 bytes JMP 000007ff7d9a03a4 .text C:\Program Files\IDT\WDM\sttray64.exe[4736] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd98790c 5 bytes JMP 000007ff7d9a075c .text C:\Program Files\IDT\WDM\sttray64.exe[4736] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd987ab4 5 bytes JMP 000007ff7d9a0b14 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077243ae0 5 bytes JMP 000000010022075c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077247a90 5 bytes JMP 00000001002203a4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077271490 5 bytes JMP 0000000100220b14 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772714f0 5 bytes JMP 0000000100220ecc .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772715d0 5 bytes JMP 000000010022163c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077271810 5 bytes JMP 0000000100221284 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077272840 5 bytes JMP 00000001002219f4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4744] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[4752] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077243ae0 5 bytes JMP 000000010022075c .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[4752] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077247a90 5 bytes JMP 00000001002203a4 .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[4752] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077271490 5 bytes JMP 0000000100220b14 .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[4752] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772714f0 5 bytes JMP 0000000100220ecc .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[4752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772715d0 5 bytes JMP 000000010022163c .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[4752] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077271810 5 bytes JMP 0000000100221284 .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[4752] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077272840 5 bytes JMP 00000001002219f4 .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[4752] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[4752] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd986e00 5 bytes JMP 000007ff7d9a1dac .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[4752] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd986f2c 5 bytes JMP 000007ff7d9a0ecc .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[4752] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd987220 5 bytes JMP 000007ff7d9a1284 .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[4752] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd98739c 5 bytes JMP 000007ff7d9a163c .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[4752] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd987538 5 bytes JMP 000007ff7d9a19f4 .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[4752] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd9875e8 5 bytes JMP 000007ff7d9a03a4 .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[4752] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd98790c 5 bytes JMP 000007ff7d9a075c .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[4752] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd987ab4 5 bytes JMP 000007ff7d9a0b14 .text C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe[4772] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007741faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe[4772] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007741fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe[4772] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007741fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe[4772] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077420018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe[4772] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077421900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe[4772] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007743c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe[4772] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077441217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe[4772] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007579a30a 1 byte [62] .text C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe[4772] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074f7ee09 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe[4772] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074f83982 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe[4772] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074f87603 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe[4772] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074f8835c 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe[4772] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074f9f52b 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe[4788] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007741faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe[4788] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007741fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe[4788] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007741fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe[4788] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077420018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe[4788] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077421900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe[4788] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007743c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe[4788] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077441217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe[4788] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007579a30a 1 byte [62] .text C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe[4788] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074f7ee09 5 bytes JMP 00000001002901f8 .text C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe[4788] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074f83982 5 bytes JMP 00000001002903fc .text C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe[4788] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074f87603 5 bytes JMP 0000000100290804 .text C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe[4788] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074f8835c 5 bytes JMP 0000000100290600 .text C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe[4788] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074f9f52b 5 bytes JMP 0000000100290a08 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd986e00 5 bytes JMP 000007ff7d9a1dac .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd986f2c 5 bytes JMP 000007ff7d9a0ecc .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd987220 5 bytes JMP 000007ff7d9a1284 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd98739c 5 bytes JMP 000007ff7d9a163c .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd987538 5 bytes JMP 000007ff7d9a19f4 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd9875e8 5 bytes JMP 000007ff7d9a03a4 .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd98790c 5 bytes JMP 000007ff7d9a075c .text C:\Windows\system32\wbem\wmiprvse.exe[4836] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd987ab4 5 bytes JMP 000007ff7d9a0b14 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4536] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007741faa0 5 bytes JMP 0000000100030600 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4536] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007741fb38 5 bytes JMP 0000000100030804 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4536] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007741fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4536] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077420018 5 bytes JMP 0000000100030a08 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4536] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077421900 5 bytes JMP 0000000100030e10 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4536] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007743c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4536] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077441217 5 bytes JMP 00000001000303fc .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4536] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007579a30a 1 byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4536] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074f7ee09 5 bytes JMP 00000001002c01f8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4536] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074f83982 5 bytes JMP 00000001002c03fc .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4536] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074f87603 5 bytes JMP 00000001002c0804 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4536] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074f8835c 5 bytes JMP 00000001002c0600 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4536] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074f9f52b 5 bytes JMP 00000001002c0a08 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4536] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076f95181 5 bytes JMP 00000001002d1014 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4536] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076f95254 5 bytes JMP 00000001002d0804 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4536] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076f953d5 5 bytes JMP 00000001002d0a08 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4536] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076f954c2 5 bytes JMP 00000001002d0c0c .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4536] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076f955e2 5 bytes JMP 00000001002d0e10 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4536] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076f9567c 5 bytes JMP 00000001002d01f8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4536] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076f9589f 5 bytes JMP 00000001002d03fc .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4536] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076f95a22 5 bytes JMP 00000001002d0600 .text C:\Program Files\Windows Sidebar\sidebar.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077243ae0 5 bytes JMP 000000010017075c .text C:\Program Files\Windows Sidebar\sidebar.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077247a90 5 bytes JMP 00000001001703a4 .text C:\Program Files\Windows Sidebar\sidebar.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077271490 5 bytes JMP 0000000100170b14 .text C:\Program Files\Windows Sidebar\sidebar.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772714f0 5 bytes JMP 0000000100170ecc .text C:\Program Files\Windows Sidebar\sidebar.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772715d0 5 bytes JMP 000000010017163c .text C:\Program Files\Windows Sidebar\sidebar.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077271810 5 bytes JMP 0000000100171284 .text C:\Program Files\Windows Sidebar\sidebar.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077272840 5 bytes JMP 00000001001719f4 .text C:\Program Files\Windows Sidebar\sidebar.exe[4392] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[4392] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd986e00 5 bytes JMP 000007ff7d9a1dac .text C:\Program Files\Windows Sidebar\sidebar.exe[4392] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd986f2c 5 bytes JMP 000007ff7d9a0ecc .text C:\Program Files\Windows Sidebar\sidebar.exe[4392] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd987220 5 bytes JMP 000007ff7d9a1284 .text C:\Program Files\Windows Sidebar\sidebar.exe[4392] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd98739c 5 bytes JMP 000007ff7d9a163c .text C:\Program Files\Windows Sidebar\sidebar.exe[4392] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd987538 5 bytes JMP 000007ff7d9a19f4 .text C:\Program Files\Windows Sidebar\sidebar.exe[4392] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd9875e8 5 bytes JMP 000007ff7d9a03a4 .text C:\Program Files\Windows Sidebar\sidebar.exe[4392] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd98790c 5 bytes JMP 000007ff7d9a075c .text C:\Program Files\Windows Sidebar\sidebar.exe[4392] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd987ab4 5 bytes JMP 000007ff7d9a0b14 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007741faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007741fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007741fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077420018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077421900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007743c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077441217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007579a30a 1 byte [62] .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\syswow64\msvcrt.dll!free 0000000076239894 5 bytes JMP 000000010a93c1a0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\syswow64\msvcrt.dll!malloc 0000000076239cee 5 bytes JMP 000000010a93bed0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\syswow64\msvcrt.dll!??3@YAXPAX@Z 000000007623b0b9 5 bytes JMP 000000010a93c1a0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\syswow64\msvcrt.dll!??2@YAPAXI@Z 000000007623b0c9 5 bytes JMP 000000010a93c140 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\syswow64\msvcrt.dll!realloc 000000007623b10d 5 bytes JMP 000000010a93bf50 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\syswow64\msvcrt.dll!calloc 000000007623c456 5 bytes JMP 000000010a93bf10 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\syswow64\msvcrt.dll!_msize 000000007623f43b 5 bytes JMP 000000010a93bf70 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\syswow64\msvcrt.dll!_aligned_free 0000000076255942 5 bytes JMP 000000010a93c1a0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\syswow64\msvcrt.dll!_aligned_malloc 000000007626028d 5 bytes JMP 000000010a93c080 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\syswow64\msvcrt.dll!_aligned_offset_malloc 00000000762602a9 5 bytes JMP 000000010a93c0a0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\syswow64\msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 000000007628bfd1 5 bytes JMP 000000010a93c1d0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\syswow64\msvcrt.dll!_aligned_offset_realloc 000000007628bfe1 5 bytes JMP 000000010a93c0e0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\syswow64\msvcrt.dll!_aligned_realloc 000000007628c16b 5 bytes JMP 000000010a93c0c0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\syswow64\msvcrt.dll!_expand 000000007628c18a 5 bytes JMP 000000010a93c060 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\syswow64\msvcrt.dll!_heapadd 000000007628dd03 5 bytes JMP 000000010a93c220 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\syswow64\msvcrt.dll!_heapchk 000000007628dd17 5 bytes JMP 000000010a93c230 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\syswow64\msvcrt.dll!_heapset + 1 000000007628de16 4 bytes {JMP 0xffffffff946ae43b} .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\syswow64\msvcrt.dll!_heapmin 000000007628de1f 5 bytes JMP 000000010a93c320 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\syswow64\msvcrt.dll!_heapused 000000007628df05 5 bytes JMP 000000010a93c2f0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\syswow64\msvcrt.dll!_heapwalk 000000007628df18 5 bytes JMP 000000010a93c260 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074f7ee09 5 bytes JMP 00000001001101f8 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074f83982 5 bytes JMP 00000001001103fc .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074f87603 5 bytes JMP 0000000100110804 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074f8835c 5 bytes JMP 0000000100110600 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074f9f52b 5 bytes JMP 0000000100110a08 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 000000006fc01073 5 bytes JMP 000000010a93c1d0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!free 000000006fc04b6c 5 bytes JMP 000000010a93c1a0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!malloc 000000006fc04d09 5 bytes JMP 000000010a93bed0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!calloc 000000006fc04f58 5 bytes JMP 000000010a93bf10 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!realloc 000000006fc04f97 5 bytes JMP 000000010a93bf50 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_msize 000000006fc06c6b 5 bytes JMP 000000010a93bf70 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!??2@YAPAXI@Z 000000006fc30e13 5 bytes JMP 000000010a93c140 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!??3@YAXPAX@Z + 1 000000006fc30e7e 4 bytes {JMP 0xffffffff9ad0b323} .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_aligned_offset_malloc 000000006fc30e8c 5 bytes JMP 000000010a93c0a0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_aligned_free 000000006fc30f77 5 bytes JMP 000000010a93c1a0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_aligned_malloc 000000006fc30f8c 5 bytes JMP 000000010a93c080 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_aligned_offset_realloc 000000006fc30f9f 5 bytes JMP 000000010a93c0e0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_aligned_realloc 000000006fc31196 5 bytes JMP 000000010a93c0c0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_expand 000000006fc311c8 5 bytes JMP 000000010a93c060 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_heapadd 000000006fc31364 5 bytes JMP 000000010a93c220 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_heapchk 000000006fc31373 5 bytes JMP 000000010a93c230 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_heapset + 1 000000006fc3143b 7 bytes {JMP 0xffffffff9ad0ae16} .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_heapmin + 4 000000006fc31443 1 byte [9A] .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_heapused 000000006fc314ee 5 bytes JMP 000000010a93c2f0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_heapwalk 000000006fc314fc 5 bytes JMP 000000010a93c260 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 0000000072ec1b31 5 bytes JMP 000000010a93c1d0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!free 0000000072f03b4e 5 bytes JMP 000000010a93c1a0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!calloc 0000000072f03c40 5 bytes JMP 000000010a93bf10 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!malloc 0000000072f03d3f 5 bytes JMP 000000010a93bed0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!??2@YAPAXI@Z 0000000072f03e99 5 bytes JMP 000000010a93c140 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!??3@YAXPAX@Z 0000000072f03f03 5 bytes JMP 000000010a93c1a0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_aligned_offset_malloc 0000000072f03f33 5 bytes JMP 000000010a93c0a0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_aligned_free 0000000072f04040 5 bytes JMP 000000010a93c1a0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_aligned_malloc 0000000072f0405f 5 bytes JMP 000000010a93c080 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_aligned_offset_realloc 0000000072f0407b 5 bytes JMP 000000010a93c0e0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_aligned_realloc 0000000072f04288 5 bytes JMP 000000010a93c0c0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_expand 0000000072f0434d 5 bytes JMP 000000010a93c060 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_heapadd 0000000072f05e88 5 bytes JMP 000000010a93c220 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_heapchk 0000000072f05e9c 5 bytes JMP 000000010a93c230 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_heapset + 1 0000000072f05f69 4 bytes {JMP 0xffffffff97a362e8} .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_heapmin 0000000072f05f72 5 bytes JMP 000000010a93c320 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_heapused 0000000072f06026 5 bytes JMP 000000010a93c2f0 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_heapwalk 0000000072f06039 5 bytes JMP 000000010a93c260 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_msize 0000000072f0619b 5 bytes JMP 000000010a93bf70 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!realloc 0000000072f06415 5 bytes JMP 000000010a93bf50 .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759d1465 2 bytes [9D, 75] .text C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm8\MultiTerm Widget.exe[4656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759d14bb 2 bytes [9D, 75] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4652] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007741faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4652] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007741fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4652] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007741fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4652] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077420018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4652] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077421900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4652] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007743c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4652] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077441217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4652] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007579a30a 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4652] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076f95181 5 bytes JMP 0000000100091014 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4652] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076f95254 5 bytes JMP 0000000100090804 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4652] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076f953d5 5 bytes JMP 0000000100090a08 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4652] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076f954c2 5 bytes JMP 0000000100090c0c .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4652] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076f955e2 5 bytes JMP 0000000100090e10 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4652] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076f9567c 5 bytes JMP 00000001000901f8 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4652] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076f9589f 5 bytes JMP 00000001000903fc .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4652] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076f95a22 5 bytes JMP 0000000100090600 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4652] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074f7ee09 5 bytes JMP 00000001001501f8 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4652] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074f83982 5 bytes JMP 00000001001503fc .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4652] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074f87603 5 bytes JMP 0000000100150804 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4652] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074f8835c 5 bytes JMP 0000000100150600 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4652] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074f9f52b 5 bytes JMP 0000000100150a08 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007741faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007741fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007741fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077420018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077421900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007743c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077441217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007579a30a 1 byte [62] .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\syswow64\msvcrt.dll!free 0000000076239894 5 bytes JMP 000000010a93c1a0 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\syswow64\msvcrt.dll!malloc 0000000076239cee 5 bytes JMP 000000010a93bed0 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\syswow64\msvcrt.dll!??3@YAXPAX@Z 000000007623b0b9 5 bytes JMP 000000010a93c1a0 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\syswow64\msvcrt.dll!??2@YAPAXI@Z 000000007623b0c9 5 bytes JMP 000000010a93c140 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\syswow64\msvcrt.dll!realloc 000000007623b10d 5 bytes JMP 000000010a93bf50 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\syswow64\msvcrt.dll!calloc 000000007623c456 5 bytes JMP 000000010a93bf10 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\syswow64\msvcrt.dll!_msize 000000007623f43b 5 bytes JMP 000000010a93bf70 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\syswow64\msvcrt.dll!_aligned_free 0000000076255942 5 bytes JMP 000000010a93c1a0 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\syswow64\msvcrt.dll!_aligned_malloc 000000007626028d 5 bytes JMP 000000010a93c080 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\syswow64\msvcrt.dll!_aligned_offset_malloc 00000000762602a9 5 bytes JMP 000000010a93c0a0 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\syswow64\msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 000000007628bfd1 5 bytes JMP 000000010a93c1d0 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\syswow64\msvcrt.dll!_aligned_offset_realloc 000000007628bfe1 5 bytes JMP 000000010a93c0e0 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\syswow64\msvcrt.dll!_aligned_realloc 000000007628c16b 5 bytes JMP 000000010a93c0c0 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\syswow64\msvcrt.dll!_expand 000000007628c18a 5 bytes JMP 000000010a93c060 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\syswow64\msvcrt.dll!_heapadd 000000007628dd03 5 bytes JMP 000000010a93c220 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\syswow64\msvcrt.dll!_heapchk 000000007628dd17 5 bytes JMP 000000010a93c230 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\syswow64\msvcrt.dll!_heapset + 1 000000007628de16 4 bytes {JMP 0xffffffff946ae43b} .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\syswow64\msvcrt.dll!_heapmin 000000007628de1f 5 bytes JMP 000000010a93c320 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\syswow64\msvcrt.dll!_heapused 000000007628df05 5 bytes JMP 000000010a93c2f0 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\syswow64\msvcrt.dll!_heapwalk 000000007628df18 5 bytes JMP 000000010a93c260 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074f7ee09 5 bytes JMP 00000001001501f8 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074f83982 5 bytes JMP 00000001001503fc .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074f87603 5 bytes JMP 0000000100150804 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074f8835c 5 bytes JMP 0000000100150600 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074f9f52b 5 bytes JMP 0000000100150a08 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 000000006fc01073 5 bytes JMP 000000010a93c1d0 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!free 000000006fc04b6c 5 bytes JMP 000000010a93c1a0 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!malloc 000000006fc04d09 5 bytes JMP 000000010a93bed0 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!calloc 000000006fc04f58 5 bytes JMP 000000010a93bf10 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!realloc 000000006fc04f97 5 bytes JMP 000000010a93bf50 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_msize 000000006fc06c6b 5 bytes JMP 000000010a93bf70 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!??2@YAPAXI@Z 000000006fc30e13 5 bytes JMP 000000010a93c140 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!??3@YAXPAX@Z + 1 000000006fc30e7e 4 bytes {JMP 0xffffffff9ad0b323} .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_aligned_offset_malloc 000000006fc30e8c 5 bytes JMP 000000010a93c0a0 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_aligned_free 000000006fc30f77 5 bytes JMP 000000010a93c1a0 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_aligned_malloc 000000006fc30f8c 5 bytes JMP 000000010a93c080 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_aligned_offset_realloc 000000006fc30f9f 5 bytes JMP 000000010a93c0e0 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_aligned_realloc 000000006fc31196 5 bytes JMP 000000010a93c0c0 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_expand 000000006fc311c8 5 bytes JMP 000000010a93c060 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_heapadd 000000006fc31364 5 bytes JMP 000000010a93c220 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_heapchk 000000006fc31373 5 bytes JMP 000000010a93c230 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_heapset + 1 000000006fc3143b 7 bytes {JMP 0xffffffff9ad0ae16} .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_heapmin + 4 000000006fc31443 1 byte [9A] .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_heapused 000000006fc314ee 5 bytes JMP 000000010a93c2f0 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll!_heapwalk 000000006fc314fc 5 bytes JMP 000000010a93c260 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 0000000072ec1b31 5 bytes JMP 000000010a93c1d0 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!free 0000000072f03b4e 5 bytes JMP 000000010a93c1a0 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!calloc 0000000072f03c40 5 bytes JMP 000000010a93bf10 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!malloc 0000000072f03d3f 5 bytes JMP 000000010a93bed0 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!??2@YAPAXI@Z 0000000072f03e99 5 bytes JMP 000000010a93c140 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!??3@YAXPAX@Z 0000000072f03f03 5 bytes JMP 000000010a93c1a0 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_aligned_offset_malloc 0000000072f03f33 5 bytes JMP 000000010a93c0a0 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_aligned_free 0000000072f04040 5 bytes JMP 000000010a93c1a0 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_aligned_malloc 0000000072f0405f 5 bytes JMP 000000010a93c080 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_aligned_offset_realloc 0000000072f0407b 5 bytes JMP 000000010a93c0e0 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_aligned_realloc 0000000072f04288 5 bytes JMP 000000010a93c0c0 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_expand 0000000072f0434d 5 bytes JMP 000000010a93c060 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_heapadd 0000000072f05e88 5 bytes JMP 000000010a93c220 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_heapchk 0000000072f05e9c 5 bytes JMP 000000010a93c230 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_heapset + 1 0000000072f05f69 4 bytes {JMP 0xffffffff97a362e8} .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_heapmin 0000000072f05f72 5 bytes JMP 000000010a93c320 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_heapused 0000000072f06026 5 bytes JMP 000000010a93c2f0 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_heapwalk 0000000072f06039 5 bytes JMP 000000010a93c260 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!_msize 0000000072f0619b 5 bytes JMP 000000010a93bf70 .text C:\Program Files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe[2396] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll!realloc 0000000072f06415 5 bytes JMP 000000010a93bf50 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[2364] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007741faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[2364] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007741fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[2364] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007741fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[2364] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077420018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[2364] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077421900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[2364] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007743c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[2364] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077441217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[2364] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007579a30a 1 byte [62] .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[2364] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074f7ee09 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[2364] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074f83982 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[2364] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074f87603 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[2364] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074f8835c 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[2364] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074f9f52b 5 bytes JMP 0000000100240a08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077243ae0 5 bytes JMP 00000001002c075c .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077247a90 5 bytes JMP 00000001002c03a4 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077271490 5 bytes JMP 00000001002c0b14 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772714f0 5 bytes JMP 00000001002c0ecc .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772715d0 5 bytes JMP 00000001002c163c .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077271810 5 bytes JMP 00000001002c1284 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077272840 5 bytes JMP 00000001002c19f4 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4424] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007741faa0 5 bytes JMP 0000000100030600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007741fb38 5 bytes JMP 0000000100030804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007741fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077420018 5 bytes JMP 0000000100030a08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077421900 5 bytes JMP 0000000100030e10 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007743c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077441217 5 bytes JMP 00000001000303fc .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007579a30a 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074f7ee09 5 bytes JMP 00000001002501f8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074f83982 5 bytes JMP 00000001002503fc .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074f87603 5 bytes JMP 0000000100250804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074f8835c 5 bytes JMP 0000000100250600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074f9f52b 5 bytes JMP 0000000100250a08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759d1465 2 bytes [9D, 75] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759d14bb 2 bytes [9D, 75] .text ... * 2 .text C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe[2476] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007741faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe[2476] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007741fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe[2476] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007741fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe[2476] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077420018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe[2476] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077421900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe[2476] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007743c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe[2476] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077441217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe[2476] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007579a30a 1 byte [62] .text C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe[2476] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074f7ee09 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe[2476] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074f83982 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe[2476] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074f87603 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe[2476] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074f8835c 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe[2476] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074f9f52b 5 bytes JMP 0000000100250a08 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4684] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007579a30a 1 byte [62] .text C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe[4992] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007741faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe[4992] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007741fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe[4992] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007741fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe[4992] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077420018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe[4992] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077421900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe[4992] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007743c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe[4992] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077441217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe[4992] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007579a30a 1 byte [62] .text C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe[4992] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076f95181 5 bytes JMP 0000000100231014 .text C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe[4992] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076f95254 5 bytes JMP 0000000100230804 .text C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe[4992] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076f953d5 5 bytes JMP 0000000100230a08 .text C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe[4992] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076f954c2 5 bytes JMP 0000000100230c0c .text C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe[4992] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076f955e2 5 bytes JMP 0000000100230e10 .text C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe[4992] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076f9567c 5 bytes JMP 00000001002301f8 .text C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe[4992] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076f9589f 5 bytes JMP 00000001002303fc .text C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe[4992] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076f95a22 5 bytes JMP 0000000100230600 .text C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe[4992] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074f7ee09 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe[4992] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074f83982 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe[4992] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074f87603 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe[4992] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074f8835c 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe[4992] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074f9f52b 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5828] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077243ae0 5 bytes JMP 000000010019075c .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5828] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077247a90 5 bytes JMP 00000001001903a4 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5828] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077271490 5 bytes JMP 0000000100190b14 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5828] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772714f0 5 bytes JMP 0000000100190ecc .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772715d0 5 bytes JMP 000000010019163c .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5828] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077271810 5 bytes JMP 0000000100191284 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077272840 5 bytes JMP 00000001001919f4 .text C:\Windows\System32\svchost.exe[5428] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077243ae0 5 bytes JMP 00000001001e075c .text C:\Windows\System32\svchost.exe[5428] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077247a90 5 bytes JMP 00000001001e03a4 .text C:\Windows\System32\svchost.exe[5428] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077271490 5 bytes JMP 00000001001e0b14 .text C:\Windows\System32\svchost.exe[5428] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772714f0 5 bytes JMP 00000001001e0ecc .text C:\Windows\System32\svchost.exe[5428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772715d0 5 bytes JMP 00000001001e163c .text C:\Windows\System32\svchost.exe[5428] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077271810 5 bytes JMP 00000001001e1284 .text C:\Windows\System32\svchost.exe[5428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077272840 5 bytes JMP 00000001001e19f4 .text C:\Windows\System32\svchost.exe[5428] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd986e00 5 bytes JMP 000007ff7d9a1dac .text C:\Windows\System32\svchost.exe[5428] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd986f2c 5 bytes JMP 000007ff7d9a0ecc .text C:\Windows\System32\svchost.exe[5428] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd987220 5 bytes JMP 000007ff7d9a1284 .text C:\Windows\System32\svchost.exe[5428] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd98739c 5 bytes JMP 000007ff7d9a163c .text C:\Windows\System32\svchost.exe[5428] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd987538 5 bytes JMP 000007ff7d9a19f4 .text C:\Windows\System32\svchost.exe[5428] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd9875e8 5 bytes JMP 000007ff7d9a03a4 .text C:\Windows\System32\svchost.exe[5428] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd98790c 5 bytes JMP 000007ff7d9a075c .text C:\Windows\System32\svchost.exe[5428] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd987ab4 5 bytes JMP 000007ff7d9a0b14 .text C:\Windows\system32\DllHost.exe[3400] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd986e00 5 bytes JMP 000007ff7d9a1dac .text C:\Windows\system32\DllHost.exe[3400] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd986f2c 5 bytes JMP 000007ff7d9a0ecc .text C:\Windows\system32\DllHost.exe[3400] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd987220 5 bytes JMP 000007ff7d9a1284 .text C:\Windows\system32\DllHost.exe[3400] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd98739c 5 bytes JMP 000007ff7d9a163c .text C:\Windows\system32\DllHost.exe[3400] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd987538 5 bytes JMP 000007ff7d9a19f4 .text C:\Windows\system32\DllHost.exe[3400] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd9875e8 5 bytes JMP 000007ff7d9a03a4 .text C:\Windows\system32\DllHost.exe[3400] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd98790c 5 bytes JMP 000007ff7d9a075c .text C:\Windows\system32\DllHost.exe[3400] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd987ab4 5 bytes JMP 000007ff7d9a0b14 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4112] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007741faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4112] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007741fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4112] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007741fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4112] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077420018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4112] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077421900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4112] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007743c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4112] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077441217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4112] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007579a30a 1 byte [62] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[6292] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007741faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Nero\Update\NASvc.exe[6292] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007741fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Nero\Update\NASvc.exe[6292] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007741fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Nero\Update\NASvc.exe[6292] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077420018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Nero\Update\NASvc.exe[6292] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077421900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Nero\Update\NASvc.exe[6292] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007743c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Nero\Update\NASvc.exe[6292] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077441217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Nero\Update\NASvc.exe[6292] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007579a30a 1 byte [62] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[6292] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074f7ee09 5 bytes JMP 00000001000a01f8 .text C:\Program Files (x86)\Nero\Update\NASvc.exe[6292] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074f83982 5 bytes JMP 00000001000a03fc .text C:\Program Files (x86)\Nero\Update\NASvc.exe[6292] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074f87603 5 bytes JMP 00000001000a0804 .text C:\Program Files (x86)\Nero\Update\NASvc.exe[6292] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074f8835c 5 bytes JMP 00000001000a0600 .text C:\Program Files (x86)\Nero\Update\NASvc.exe[6292] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074f9f52b 5 bytes JMP 00000001000a0a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6456] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007741faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6456] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007741fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6456] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007741fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6456] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077420018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6456] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077421900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6456] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007743c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6456] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077441217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6456] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007579a30a 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6456] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076f95181 5 bytes JMP 0000000100241014 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6456] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076f95254 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6456] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076f953d5 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6456] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076f954c2 5 bytes JMP 0000000100240c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6456] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076f955e2 5 bytes JMP 0000000100240e10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6456] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076f9567c 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6456] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076f9589f 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6456] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076f95a22 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6456] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074f7ee09 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6456] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074f83982 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6456] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074f87603 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6456] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074f8835c 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6456] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074f9f52b 5 bytes JMP 0000000100250a08 .text C:\Windows\System32\svchost.exe[6816] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077243ae0 5 bytes JMP 000000010016075c .text C:\Windows\System32\svchost.exe[6816] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077247a90 5 bytes JMP 00000001001603a4 .text C:\Windows\System32\svchost.exe[6816] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077271490 5 bytes JMP 0000000100160b14 .text C:\Windows\System32\svchost.exe[6816] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772714f0 5 bytes JMP 0000000100160ecc .text C:\Windows\System32\svchost.exe[6816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772715d0 5 bytes JMP 000000010016163c .text C:\Windows\System32\svchost.exe[6816] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077271810 5 bytes JMP 0000000100161284 .text C:\Windows\System32\svchost.exe[6816] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077272840 5 bytes JMP 00000001001619f4 .text C:\Windows\System32\svchost.exe[6816] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd986e00 5 bytes JMP 000007ff7d9a1dac .text C:\Windows\System32\svchost.exe[6816] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd986f2c 5 bytes JMP 000007ff7d9a0ecc .text C:\Windows\System32\svchost.exe[6816] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd987220 5 bytes JMP 000007ff7d9a1284 .text C:\Windows\System32\svchost.exe[6816] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd98739c 5 bytes JMP 000007ff7d9a163c .text C:\Windows\System32\svchost.exe[6816] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd987538 5 bytes JMP 000007ff7d9a19f4 .text C:\Windows\System32\svchost.exe[6816] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd9875e8 5 bytes JMP 000007ff7d9a03a4 .text C:\Windows\System32\svchost.exe[6816] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd98790c 5 bytes JMP 000007ff7d9a075c .text C:\Windows\System32\svchost.exe[6816] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd987ab4 5 bytes JMP 000007ff7d9a0b14 .text C:\Windows\System32\svchost.exe[6816] C:\Windows\system32\USER32.dll!UnhookWinEvent 0000000077128550 5 bytes JMP 00000001003f075c .text C:\Windows\System32\svchost.exe[6816] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000000007712d440 5 bytes JMP 00000001003f1284 .text C:\Windows\System32\svchost.exe[6816] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007712f874 5 bytes JMP 00000001003f0ecc .text C:\Windows\System32\svchost.exe[6816] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000077134d4c 5 bytes JMP 00000001003f03a4 .text C:\Windows\System32\svchost.exe[6816] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077148c20 5 bytes JMP 00000001003f0b14 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6512] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077243ae0 5 bytes JMP 00000001003f075c .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6512] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077247a90 5 bytes JMP 00000001003f03a4 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6512] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077271490 5 bytes JMP 00000001003f0b14 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6512] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772714f0 5 bytes JMP 00000001003f0ecc .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772715d0 5 bytes JMP 00000001003f163c .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6512] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077271810 5 bytes JMP 00000001003f1284 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077272840 5 bytes JMP 00000001003f19f4 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6512] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077243ae0 5 bytes JMP 000000010016075c .text C:\Windows\system32\SearchIndexer.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077247a90 5 bytes JMP 00000001001603a4 .text C:\Windows\system32\SearchIndexer.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077271490 5 bytes JMP 0000000100160b14 .text C:\Windows\system32\SearchIndexer.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772714f0 5 bytes JMP 0000000100160ecc .text C:\Windows\system32\SearchIndexer.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772715d0 5 bytes JMP 000000010016163c .text C:\Windows\system32\SearchIndexer.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077271810 5 bytes JMP 0000000100161284 .text C:\Windows\system32\SearchIndexer.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077272840 5 bytes JMP 00000001001619f4 .text C:\Windows\system32\SearchIndexer.exe[1500] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007705eecd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[1500] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd986e00 5 bytes JMP 000007ff7d9a1dac .text C:\Windows\system32\SearchIndexer.exe[1500] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd986f2c 5 bytes JMP 000007ff7d9a0ecc .text C:\Windows\system32\SearchIndexer.exe[1500] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd987220 5 bytes JMP 000007ff7d9a1284 .text C:\Windows\system32\SearchIndexer.exe[1500] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd98739c 5 bytes JMP 000007ff7d9a163c .text C:\Windows\system32\SearchIndexer.exe[1500] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd987538 5 bytes JMP 000007ff7d9a19f4 .text C:\Windows\system32\SearchIndexer.exe[1500] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd9875e8 5 bytes JMP 000007ff7d9a03a4 .text C:\Windows\system32\SearchIndexer.exe[1500] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd98790c 5 bytes JMP 000007ff7d9a075c .text C:\Windows\system32\SearchIndexer.exe[1500] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd987ab4 5 bytes JMP 000007ff7d9a0b14 .text C:\Users\Merix\Desktop\97o78b1e.exe[5336] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007741faa0 5 bytes JMP 0000000100030600 .text C:\Users\Merix\Desktop\97o78b1e.exe[5336] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007741fb38 5 bytes JMP 0000000100030804 .text C:\Users\Merix\Desktop\97o78b1e.exe[5336] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007741fc90 5 bytes JMP 0000000100030c0c .text C:\Users\Merix\Desktop\97o78b1e.exe[5336] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077420018 5 bytes JMP 0000000100030a08 .text C:\Users\Merix\Desktop\97o78b1e.exe[5336] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077421900 5 bytes JMP 0000000100030e10 .text C:\Users\Merix\Desktop\97o78b1e.exe[5336] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007743c45a 5 bytes JMP 00000001000301f8 .text C:\Users\Merix\Desktop\97o78b1e.exe[5336] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077441217 5 bytes JMP 00000001000303fc .text C:\Users\Merix\Desktop\97o78b1e.exe[5336] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007579a30a 1 byte [62] .text C:\Users\Merix\Desktop\97o78b1e.exe[5336] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076f95181 5 bytes JMP 0000000100241014 .text C:\Users\Merix\Desktop\97o78b1e.exe[5336] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076f95254 5 bytes JMP 0000000100240804 .text C:\Users\Merix\Desktop\97o78b1e.exe[5336] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076f953d5 5 bytes JMP 0000000100240a08 .text C:\Users\Merix\Desktop\97o78b1e.exe[5336] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076f954c2 5 bytes JMP 0000000100240c0c .text C:\Users\Merix\Desktop\97o78b1e.exe[5336] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076f955e2 5 bytes JMP 0000000100240e10 .text C:\Users\Merix\Desktop\97o78b1e.exe[5336] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076f9567c 5 bytes JMP 00000001002401f8 .text C:\Users\Merix\Desktop\97o78b1e.exe[5336] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076f9589f 5 bytes JMP 00000001002403fc .text C:\Users\Merix\Desktop\97o78b1e.exe[5336] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076f95a22 5 bytes JMP 0000000100240600 .text C:\Users\Merix\Desktop\97o78b1e.exe[5336] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074f7ee09 5 bytes JMP 00000001002501f8 .text C:\Users\Merix\Desktop\97o78b1e.exe[5336] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074f83982 5 bytes JMP 00000001002503fc .text C:\Users\Merix\Desktop\97o78b1e.exe[5336] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074f87603 5 bytes JMP 0000000100250804 .text C:\Users\Merix\Desktop\97o78b1e.exe[5336] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074f8835c 5 bytes JMP 0000000100250600 .text C:\Users\Merix\Desktop\97o78b1e.exe[5336] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074f9f52b 5 bytes JMP 0000000100250a08 ---- Threads - GMER 2.1 ---- Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:2440] 0000000077453e45 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:2732] 0000000077452e25 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:3096] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:3100] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:3104] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:3108] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:3112] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:3116] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:3120] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:3124] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:3128] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:3132] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:3352] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:3356] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:3360] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:1260] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:1336] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:3816] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:3872] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:3868] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:3860] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:3856] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:3852] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:3920] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:3256] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:3848] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:3932] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:1504] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:3528] 0000000077453e45 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:4072] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:4044] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:4040] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:440] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:1132] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:3924] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:3928] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:3916] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:3912] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:3908] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:1264] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:4632] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:4904] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:4232] 000000006fc029e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MEMOQSERVER\MSSQL\Binn\sqlservr.exe [1828:704] 000000006fc029e1 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4424:5312] 000007fefdd60168 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4424:5328] 000007fefb6a2a7c Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4424:5512] 000007feed67d618 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4424:5656] 000007fef5575124 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4424:5616] 000007fefdd60168 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5840:5824] 0000000076f97587 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5840:5860] 000000005f500cb3 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5840:1788] 0000000077452e25 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5840:6768] 0000000077453e45 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5840:7112] 0000000077453e45 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5840:5644] 0000000077453e45 Thread C:\Windows\System32\svchost.exe [6816:4176] 000007feeabb9688 ---- Processes - GMER 2.1 ---- Library C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (*** suspicious ***) @ C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [4536] 0000000000400000 Library C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [4324] 0000000000a40000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{83925EF0-867C-4B11-B3C9-0694DB158D98}\Connection@Name isatap.{F6D9133F-F121-4F6C-A158-B9D32434F3D2} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{83925EF0-867C-4B11-B3C9-0694DB158D98}?\Device\{A7E5EC83-2BBD-4A4B-B724-9862415CE517}?\Device\{96A0D94E-882B-4EA4-B9D7-8212C3C17284}?\Device\{37812CCF-AE77-48C0-ACBA-844DE4B4C200}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{83925EF0-867C-4B11-B3C9-0694DB158D98}"?"{A7E5EC83-2BBD-4A4B-B724-9862415CE517}"?"{96A0D94E-882B-4EA4-B9D7-8212C3C17284}"?"{37812CCF-AE77-48C0-ACBA-844DE4B4C200}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{83925EF0-867C-4B11-B3C9-0694DB158D98}?\Device\TCPIP6TUNNEL_{A7E5EC83-2BBD-4A4B-B724-9862415CE517}?\Device\TCPIP6TUNNEL_{96A0D94E-882B-4EA4-B9D7-8212C3C17284}?\Device\TCPIP6TUNNEL_{37812CCF-AE77-48C0-ACBA-844DE4B4C200}? Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@DisplayName aswKbd Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Group Keyboard Port Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Description avast! keyboard filter driver (aswKbd) Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Tag 7 Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 10 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Instaluje i zarz?dza us?ugami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantann? oraz harmonogram zada?. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{83925EF0-867C-4B11-B3C9-0694DB158D98}@InterfaceName isatap.{F6D9133F-F121-4F6C-A158-B9D32434F3D2} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{83925EF0-867C-4B11-B3C9-0694DB158D98}@ReusableType 0 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@DisplayName aswKbd Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Group Keyboard Port Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Description avast! keyboard filter driver (aswKbd) Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Tag 7 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 10 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Instaluje i zarz?dza us?ugami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantann? oraz harmonogram zada?. ---- Files - GMER 2.1 ---- File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001844 46631 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001845 109478 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001846 32277 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001847 902818 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001848 17109 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001849 17293 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00184a 17634 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00184b 17129 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00184c 16975 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00184d 17305 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00184e 17123 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00184f 17229 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001850 16682 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001851 17156 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001852 17620 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001853 17574 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001854 17003 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001855 17291 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001857 17436 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001858 17233 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001859 17055 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00185a 16998 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00185b 17387 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00185c 17257 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00185d 17436 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00185e 17016 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00185f 17393 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001860 17322 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001861 108774 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001862 37058 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001863 75234 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001864 94935 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001865 108552 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001866 89620 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001867 102938 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001868 105584 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001869 101053 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00186b 52122 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00186c 61174 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00186d 21819 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00186e 21041 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00186f 52986 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001870 18129 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001871 56458 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001872 47155 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001873 55554 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001874 21517 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001875 20999 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001876 21578 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001877 23007 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001878 49331 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001879 50358 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00187a 22893 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00187b 20982 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00187c 20868 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00187d 21025 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00187f 49571 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001880 23895 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001881 22191 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001882 20859 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001883 19310 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001884 21571 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001885 20890 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001886 24161 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001887 19929 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001888 19999 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001889 21060 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00188a 17760 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00188b 21669 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00188c 21426 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00188d 47635 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00188e 21385 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00188f 20896 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001890 19510 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001891 48709 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001892 18499 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001893 55853 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001894 57180 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001895 18440 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001896 20149 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001897 20739 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001898 25168 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_001899 23570 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00189a 49188 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00189b 20571 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00189c 22237 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00189d 17384 bytes File C:\Users\Merix\AppData\LocalLow\Google\GoogleEarth\webdata\f_00189e 17705 bytes ---- EOF - GMER 2.1 ----