GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-05-07 12:18:22 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0006 465,76GB Running: ug30dgfe.exe; Driver: C:\Users\Dusiek\AppData\Local\Temp\ufdiipod.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\system32\drivers\USBPORT.SYS!DllUnload fffff88004c28ca8 12 bytes {MOV RAX, 0xfffffa800591a2a0; JMP RAX} ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007742f760 5 bytes JMP 0000000149c90460 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007742f7b0 5 bytes JMP 0000000149c90450 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007742f910 5 bytes JMP 0000000149c90370 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007742f960 5 bytes JMP 0000000149c90470 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007742f970 5 bytes JMP 0000000149c903e0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007742fa20 5 bytes JMP 0000000149c90320 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007742fa50 5 bytes JMP 0000000149c903b0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007742fa70 5 bytes JMP 0000000149c90390 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007742fab0 5 bytes JMP 0000000149c902e0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007742fb30 5 bytes JMP 0000000149c902d0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007742fb50 5 bytes JMP 0000000149c90310 .text C:\Windows\system32\csrss.exe[648] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007742fb90 5 bytes JMP 0000000149c903c0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007742fbe0 5 bytes JMP 0000000149c903f0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007742fd40 5 bytes JMP 0000000149c90230 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007742ff00 5 bytes JMP 0000000149c90480 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007742ff30 5 bytes JMP 0000000149c903a0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077430010 5 bytes JMP 0000000149c902f0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077430020 5 bytes JMP 0000000149c90350 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077430080 5 bytes JMP 0000000149c90290 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077430110 5 bytes JMP 0000000149c902b0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077430130 5 bytes JMP 0000000149c903d0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077430140 5 bytes JMP 0000000149c90330 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774301b0 5 bytes JMP 0000000149c90410 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774301e0 5 bytes JMP 0000000149c90240 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774304a0 5 bytes JMP 0000000149c901e0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077430560 5 bytes JMP 0000000149c90250 .text 
C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077430590 5 bytes JMP 0000000149c90490 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774305a0 5 bytes JMP 0000000149c904a0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774305d0 5 bytes JMP 0000000149c90300 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774305e0 5 bytes JMP 0000000149c90360 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077430640 5 bytes JMP 0000000149c902a0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077430690 5 bytes JMP 0000000149c902c0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774306c0 5 bytes JMP 0000000149c90380 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774306d0 5 bytes JMP 0000000149c90340 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774309c0 5 bytes JMP 0000000149c90440 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077430bc0 5 bytes JMP 0000000149c90260 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077430bd0 5 bytes JMP 0000000149c90270 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077430be0 5 bytes JMP 0000000149c90400 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077430da0 5 bytes JMP 0000000149c901f0 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077430db0 5 bytes JMP 0000000149c90210 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077430e20 5 bytes 
JMP 0000000149c90200 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077430e80 5 bytes JMP 0000000149c90420 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077430e90 5 bytes JMP 0000000149c90430 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077430ea0 5 bytes JMP 0000000149c90220 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077430f80 5 bytes JMP 0000000149c90280 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007742f760 5 bytes JMP 0000000100070460 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007742f7b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007742f910 5 bytes JMP 0000000100070370 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007742f960 5 bytes JMP 0000000100070470 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007742f970 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007742fa20 5 bytes JMP 0000000100070320 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007742fa50 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007742fa70 5 bytes JMP 0000000100070390 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007742fab0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007742fb30 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\services.exe[684] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007742fb50 5 bytes JMP 0000000100070310 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007742fb90 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007742fbe0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007742fd40 5 bytes JMP 0000000100070230 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007742ff00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007742ff30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077430010 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077430020 5 bytes JMP 0000000100070350 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077430080 5 bytes JMP 0000000100070290 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077430110 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077430130 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077430140 5 bytes JMP 0000000100070330 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774301b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774301e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774304a0 
5 bytes JMP 00000001000701e0 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077430560 5 bytes JMP 0000000100070250 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077430590 5 bytes JMP 0000000100070490 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774305a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774305d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774305e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077430640 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077430690 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774306c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774306d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774309c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077430bc0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077430bd0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077430be0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077430da0 5 bytes JMP 00000001000701f0 .text 
C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077430db0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077430e20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077430e80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077430e90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077430ea0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\services.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077430f80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\services.exe[684] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721f1fd 1 byte [62] .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007742f760 5 bytes JMP 0000000077590460 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007742f7b0 5 bytes JMP 0000000077590450 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007742f910 5 bytes JMP 0000000077590370 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007742f960 5 bytes JMP 0000000077590470 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007742f970 5 bytes JMP 00000000775903e0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007742fa20 5 bytes JMP 0000000077590320 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007742fa50 5 bytes JMP 00000000775903b0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007742fa70 5 bytes JMP 
0000000077590390 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007742fab0 5 bytes JMP 00000000775902e0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007742fb30 5 bytes JMP 00000000775902d0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007742fb50 5 bytes JMP 0000000077590310 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007742fb90 5 bytes JMP 00000000775903c0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007742fbe0 5 bytes JMP 00000000775903f0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007742fd40 5 bytes JMP 0000000077590230 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007742ff00 5 bytes JMP 0000000077590480 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007742ff30 5 bytes JMP 00000000775903a0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077430010 5 bytes JMP 00000000775902f0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077430020 5 bytes JMP 0000000077590350 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077430080 5 bytes JMP 0000000077590290 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077430110 5 bytes JMP 00000000775902b0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077430130 5 bytes JMP 00000000775903d0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077430140 5 bytes JMP 0000000077590330 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774301b0 5 bytes JMP 
0000000077590410 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774301e0 5 bytes JMP 0000000077590240 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774304a0 5 bytes JMP 00000000775901e0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077430560 5 bytes JMP 0000000077590250 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077430590 5 bytes JMP 0000000077590490 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774305a0 5 bytes JMP 00000000775904a0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774305d0 5 bytes JMP 0000000077590300 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774305e0 5 bytes JMP 0000000077590360 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077430640 5 bytes JMP 00000000775902a0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077430690 5 bytes JMP 00000000775902c0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774306c0 5 bytes JMP 0000000077590380 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774306d0 5 bytes JMP 0000000077590340 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774309c0 5 bytes JMP 0000000077590440 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077430bc0 5 bytes JMP 0000000077590260 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077430bd0 5 bytes JMP 0000000077590270 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077430be0 5 bytes JMP 0000000077590400 
.text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077430da0 5 bytes JMP 00000000775901f0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077430db0 5 bytes JMP 0000000077590210 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077430e20 5 bytes JMP 0000000077590200 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077430e80 5 bytes JMP 0000000077590420 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077430e90 5 bytes JMP 0000000077590430 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077430ea0 5 bytes JMP 0000000077590220 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077430f80 5 bytes JMP 0000000077590280 .text C:\Windows\system32\svchost.exe[868] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721f1fd 1 byte [62] .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007742f760 5 bytes JMP 0000000077590460 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007742f7b0 5 bytes JMP 0000000077590450 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007742f910 5 bytes JMP 0000000077590370 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007742f960 5 bytes JMP 0000000077590470 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007742f970 5 bytes JMP 00000000775903e0 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007742fa20 5 bytes JMP 0000000077590320 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 
000000007742fa50 5 bytes JMP 00000000775903b0 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007742fa70 5 bytes JMP 0000000077590390 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007742fab0 5 bytes JMP 00000000775902e0 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007742fb30 5 bytes JMP 00000000775902d0 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007742fb50 5 bytes JMP 0000000077590310 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007742fb90 5 bytes JMP 00000000775903c0 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007742fbe0 5 bytes JMP 00000000775903f0 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007742fd40 5 bytes JMP 0000000077590230 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007742ff00 5 bytes JMP 0000000077590480 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007742ff30 5 bytes JMP 00000000775903a0 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077430010 5 bytes JMP 00000000775902f0 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077430020 5 bytes JMP 0000000077590350 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077430080 5 bytes JMP 0000000077590290 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077430110 5 bytes JMP 00000000775902b0 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077430130 5 bytes JMP 00000000775903d0 .text 
C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077430140 5 bytes JMP 0000000077590330 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774301b0 5 bytes JMP 0000000077590410 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774301e0 5 bytes JMP 0000000077590240 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774304a0 5 bytes JMP 00000000775901e0 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077430560 5 bytes JMP 0000000077590250 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077430590 5 bytes JMP 0000000077590490 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774305a0 5 bytes JMP 00000000775904a0 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774305d0 5 bytes JMP 0000000077590300 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774305e0 5 bytes JMP 0000000077590360 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077430640 5 bytes JMP 00000000775902a0 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077430690 5 bytes JMP 00000000775902c0 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774306c0 5 bytes JMP 0000000077590380 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774306d0 5 bytes JMP 0000000077590340 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774309c0 5 bytes JMP 0000000077590440 .text C:\Windows\system32\atiesrxx.exe[1012] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077430bc0 5 bytes JMP 0000000077590260 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077430bd0 5 bytes JMP 0000000077590270 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077430be0 5 bytes JMP 0000000077590400 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077430da0 5 bytes JMP 00000000775901f0 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077430db0 5 bytes JMP 0000000077590210 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077430e20 5 bytes JMP 0000000077590200 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077430e80 5 bytes JMP 0000000077590420 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077430e90 5 bytes JMP 0000000077590430 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077430ea0 5 bytes JMP 0000000077590220 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077430f80 5 bytes JMP 0000000077590280 .text C:\Windows\system32\atiesrxx.exe[1012] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721f1fd 1 byte [62] .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007742f760 5 bytes JMP 0000000077590460 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007742f7b0 5 bytes JMP 0000000077590450 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007742f910 5 bytes JMP 0000000077590370 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 
000000007742f960 5 bytes JMP 0000000077590470 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007742f970 5 bytes JMP 00000000775903e0 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007742fa20 5 bytes JMP 0000000077590320 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007742fa50 5 bytes JMP 00000000775903b0 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007742fa70 5 bytes JMP 0000000077590390 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007742fab0 5 bytes JMP 00000000775902e0 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007742fb30 5 bytes JMP 00000000775902d0 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007742fb50 5 bytes JMP 0000000077590310 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007742fb90 5 bytes JMP 00000000775903c0 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007742fbe0 5 bytes JMP 00000000775903f0 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007742fd40 5 bytes JMP 0000000077590230 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007742ff00 5 bytes JMP 0000000077590480 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007742ff30 5 bytes JMP 00000000775903a0 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077430010 5 bytes JMP 00000000775902f0 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077430020 5 bytes JMP 0000000077590350 .text 
C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077430080 5 bytes JMP 0000000077590290 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077430110 5 bytes JMP 00000000775902b0 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077430130 5 bytes JMP 00000000775903d0 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077430140 5 bytes JMP 0000000077590330 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774301b0 5 bytes JMP 0000000077590410 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774301e0 5 bytes JMP 0000000077590240 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774304a0 5 bytes JMP 00000000775901e0 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077430560 5 bytes JMP 0000000077590250 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077430590 5 bytes JMP 0000000077590490 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774305a0 5 bytes JMP 00000000775904a0 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774305d0 5 bytes JMP 0000000077590300 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774305e0 5 bytes JMP 0000000077590360 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077430640 5 bytes JMP 00000000775902a0 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077430690 5 bytes JMP 00000000775902c0 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 
00000000774306c0 5 bytes JMP 0000000077590380 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774306d0 5 bytes JMP 0000000077590340 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774309c0 5 bytes JMP 0000000077590440 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077430bc0 5 bytes JMP 0000000077590260 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077430bd0 5 bytes JMP 0000000077590270 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077430be0 5 bytes JMP 0000000077590400 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077430da0 5 bytes JMP 00000000775901f0 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077430db0 5 bytes JMP 0000000077590210 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077430e20 5 bytes JMP 0000000077590200 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077430e80 5 bytes JMP 0000000077590420 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077430e90 5 bytes JMP 0000000077590430 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077430ea0 5 bytes JMP 0000000077590220 .text C:\Windows\System32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077430f80 5 bytes JMP 0000000077590280 .text C:\Windows\System32\svchost.exe[552] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721f1fd 1 byte [62] .text C:\Program Files (x86)\Software Plate\svcgdp.exe[640] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0b0c5 1 byte [62] .text 
C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007742f760 5 bytes JMP 0000000077590460 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007742f7b0 5 bytes JMP 0000000077590450 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007742f910 5 bytes JMP 0000000077590370 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007742f960 5 bytes JMP 0000000077590470 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007742f970 5 bytes JMP 00000000775903e0 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007742fa20 5 bytes JMP 0000000077590320 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007742fa50 5 bytes JMP 00000000775903b0 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007742fa70 5 bytes JMP 0000000077590390 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007742fab0 5 bytes JMP 00000000775902e0 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007742fb30 5 bytes JMP 00000000775902d0 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007742fb50 5 bytes JMP 0000000077590310 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007742fb90 5 bytes JMP 00000000775903c0 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007742fbe0 5 bytes JMP 00000000775903f0 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007742fd40 5 bytes JMP 0000000077590230 .text C:\Windows\System32\svchost.exe[1104] 
C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007742ff00 5 bytes JMP 0000000077590480 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007742ff30 5 bytes JMP 00000000775903a0 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077430010 5 bytes JMP 00000000775902f0 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077430020 5 bytes JMP 0000000077590350 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077430080 5 bytes JMP 0000000077590290 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077430110 5 bytes JMP 00000000775902b0 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077430130 5 bytes JMP 00000000775903d0 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077430140 5 bytes JMP 0000000077590330 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774301b0 5 bytes JMP 0000000077590410 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774301e0 5 bytes JMP 0000000077590240 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774304a0 5 bytes JMP 00000000775901e0 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077430560 5 bytes JMP 0000000077590250 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077430590 5 bytes JMP 0000000077590490 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774305a0 5 bytes JMP 00000000775904a0 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 
00000000774305d0 5 bytes JMP 0000000077590300 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774305e0 5 bytes JMP 0000000077590360 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077430640 5 bytes JMP 00000000775902a0 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077430690 5 bytes JMP 00000000775902c0 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774306c0 5 bytes JMP 0000000077590380 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774306d0 5 bytes JMP 0000000077590340 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774309c0 5 bytes JMP 0000000077590440 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077430bc0 5 bytes JMP 0000000077590260 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077430bd0 5 bytes JMP 0000000077590270 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077430be0 5 bytes JMP 0000000077590400 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077430da0 5 bytes JMP 00000000775901f0 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077430db0 5 bytes JMP 0000000077590210 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077430e20 5 bytes JMP 0000000077590200 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077430e80 5 bytes JMP 0000000077590420 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077430e90 5 bytes JMP 0000000077590430 .text 
C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077430ea0 5 bytes JMP 0000000077590220 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077430f80 5 bytes JMP 0000000077590280 .text C:\Windows\System32\svchost.exe[1104] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007742f760 5 bytes JMP 0000000077590460 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007742f7b0 5 bytes JMP 0000000077590450 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007742f910 5 bytes JMP 0000000077590370 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007742f960 5 bytes JMP 0000000077590470 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007742f970 5 bytes JMP 00000000775903e0 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007742fa20 5 bytes JMP 0000000077590320 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007742fa50 5 bytes JMP 00000000775903b0 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007742fa70 5 bytes JMP 0000000077590390 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007742fab0 5 bytes JMP 00000000775902e0 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007742fb30 5 bytes JMP 00000000775902d0 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007742fb50 5 bytes JMP 0000000077590310 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 
000000007742fb90 5 bytes JMP 00000000775903c0 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007742fbe0 5 bytes JMP 00000000775903f0 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007742fd40 5 bytes JMP 0000000077590230 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007742ff00 5 bytes JMP 0000000077590480 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007742ff30 5 bytes JMP 00000000775903a0 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077430010 5 bytes JMP 00000000775902f0 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077430020 5 bytes JMP 0000000077590350 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077430080 5 bytes JMP 0000000077590290 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077430110 5 bytes JMP 00000000775902b0 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077430130 5 bytes JMP 00000000775903d0 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077430140 5 bytes JMP 0000000077590330 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774301b0 5 bytes JMP 0000000077590410 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774301e0 5 bytes JMP 0000000077590240 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774304a0 5 bytes JMP 00000000775901e0 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077430560 5 bytes JMP 0000000077590250 .text 
C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077430590 5 bytes JMP 0000000077590490 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774305a0 5 bytes JMP 00000000775904a0 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774305d0 5 bytes JMP 0000000077590300 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774305e0 5 bytes JMP 0000000077590360 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077430640 5 bytes JMP 00000000775902a0 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077430690 5 bytes JMP 00000000775902c0 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774306c0 5 bytes JMP 0000000077590380 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774306d0 5 bytes JMP 0000000077590340 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774309c0 5 bytes JMP 0000000077590440 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077430bc0 5 bytes JMP 0000000077590260 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077430bd0 5 bytes JMP 0000000077590270 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077430be0 5 bytes JMP 0000000077590400 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077430da0 5 bytes JMP 00000000775901f0 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077430db0 5 bytes JMP 0000000077590210 .text C:\Windows\system32\svchost.exe[1132] 
C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077430e20 5 bytes JMP 0000000077590200 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077430e80 5 bytes JMP 0000000077590420 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077430e90 5 bytes JMP 0000000077590430 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077430ea0 5 bytes JMP 0000000077590220 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077430f80 5 bytes JMP 0000000077590280 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007742f760 5 bytes JMP 0000000077590460 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007742f7b0 5 bytes JMP 0000000077590450 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007742f910 5 bytes JMP 0000000077590370 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007742f960 5 bytes JMP 0000000077590470 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007742f970 5 bytes JMP 00000000775903e0 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007742fa20 5 bytes JMP 0000000077590320 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007742fa50 5 bytes JMP 00000000775903b0 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007742fa70 5 bytes JMP 
0000000077590390 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007742fab0 5 bytes JMP 00000000775902e0 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007742fb30 5 bytes JMP 00000000775902d0 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007742fb50 5 bytes JMP 0000000077590310 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007742fb90 5 bytes JMP 00000000775903c0 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007742fbe0 5 bytes JMP 00000000775903f0 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007742fd40 5 bytes JMP 0000000077590230 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007742ff00 5 bytes JMP 0000000077590480 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007742ff30 5 bytes JMP 00000000775903a0 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077430010 5 bytes JMP 00000000775902f0 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077430020 5 bytes JMP 0000000077590350 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077430080 5 bytes JMP 0000000077590290 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077430110 5 bytes JMP 00000000775902b0 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077430130 5 bytes JMP 00000000775903d0 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077430140 5 bytes JMP 0000000077590330 .text C:\Windows\system32\svchost.exe[1312] 
C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774301b0 5 bytes JMP 0000000077590410 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774301e0 5 bytes JMP 0000000077590240 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774304a0 5 bytes JMP 00000000775901e0 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077430560 5 bytes JMP 0000000077590250 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077430590 5 bytes JMP 0000000077590490 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774305a0 5 bytes JMP 00000000775904a0 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774305d0 5 bytes JMP 0000000077590300 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774305e0 5 bytes JMP 0000000077590360 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077430640 5 bytes JMP 00000000775902a0 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077430690 5 bytes JMP 00000000775902c0 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774306c0 5 bytes JMP 0000000077590380 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774306d0 5 bytes JMP 0000000077590340 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774309c0 5 bytes JMP 0000000077590440 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077430bc0 5 bytes JMP 0000000077590260 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077430bd0 5 bytes JMP 
0000000077590270 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077430be0 5 bytes JMP 0000000077590400 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077430da0 5 bytes JMP 00000000775901f0 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077430db0 5 bytes JMP 0000000077590210 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077430e20 5 bytes JMP 0000000077590200 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077430e80 5 bytes JMP 0000000077590420 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077430e90 5 bytes JMP 0000000077590430 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077430ea0 5 bytes JMP 0000000077590220 .text C:\Windows\system32\svchost.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077430f80 5 bytes JMP 0000000077590280 .text C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[2028] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0b0c5 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1680] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0b0c5 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2156] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0b0c5 1 byte [62] .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007742f760 5 bytes JMP 0000000077590460 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007742f7b0 5 bytes JMP 0000000077590450 .text C:\Windows\system32\lxeacoms.exe[2264] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007742f910 5 bytes JMP 0000000077590370 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007742f960 5 bytes JMP 0000000077590470 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007742f970 5 bytes JMP 00000000775903e0 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007742fa20 5 bytes JMP 0000000077590320 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007742fa50 5 bytes JMP 00000000775903b0 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007742fa70 5 bytes JMP 0000000077590390 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007742fab0 5 bytes JMP 00000000775902e0 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007742fb30 5 bytes JMP 00000000775902d0 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007742fb50 5 bytes JMP 0000000077590310 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007742fb90 5 bytes JMP 00000000775903c0 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007742fbe0 5 bytes JMP 00000000775903f0 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007742fd40 5 bytes JMP 0000000077590230 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007742ff00 5 bytes JMP 0000000077590480 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007742ff30 5 bytes JMP 00000000775903a0 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 
0000000077430010 5 bytes JMP 00000000775902f0 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077430020 5 bytes JMP 0000000077590350 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077430080 5 bytes JMP 0000000077590290 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077430110 5 bytes JMP 00000000775902b0 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077430130 5 bytes JMP 00000000775903d0 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077430140 5 bytes JMP 0000000077590330 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774301b0 5 bytes JMP 0000000077590410 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774301e0 5 bytes JMP 0000000077590240 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774304a0 5 bytes JMP 00000000775901e0 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077430560 5 bytes JMP 0000000077590250 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077430590 5 bytes JMP 0000000077590490 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774305a0 5 bytes JMP 00000000775904a0 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774305d0 5 bytes JMP 0000000077590300 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774305e0 5 bytes JMP 0000000077590360 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077430640 5 bytes JMP 00000000775902a0 .text 
C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077430690 5 bytes JMP 00000000775902c0 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774306c0 5 bytes JMP 0000000077590380 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774306d0 5 bytes JMP 0000000077590340 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774309c0 5 bytes JMP 0000000077590440 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077430bc0 5 bytes JMP 0000000077590260 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077430bd0 5 bytes JMP 0000000077590270 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077430be0 5 bytes JMP 0000000077590400 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077430da0 5 bytes JMP 00000000775901f0 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077430db0 5 bytes JMP 0000000077590210 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077430e20 5 bytes JMP 0000000077590200 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077430e80 5 bytes JMP 0000000077590420 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077430e90 5 bytes JMP 0000000077590430 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077430ea0 5 bytes JMP 0000000077590220 .text C:\Windows\system32\lxeacoms.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077430f80 5 bytes JMP 0000000077590280 .text C:\Windows\system32\lxeacoms.exe[2264] 
C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721f1fd 1 byte [62] .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007742f760 5 bytes JMP 0000000100070460 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007742f7b0 5 bytes JMP 0000000100070450 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007742f910 5 bytes JMP 0000000100070370 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007742f960 5 bytes JMP 0000000100070470 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007742f970 5 bytes JMP 00000001000703e0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007742fa20 5 bytes JMP 0000000100070320 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007742fa50 5 bytes JMP 00000001000703b0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007742fa70 5 bytes JMP 0000000100070390 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007742fab0 5 bytes JMP 00000001000702e0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007742fb30 5 bytes JMP 00000001000702d0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007742fb50 5 bytes JMP 0000000100070310 .text C:\Program 
Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007742fb90 5 bytes JMP 00000001000703c0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007742fbe0 5 bytes JMP 00000001000703f0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007742fd40 5 bytes JMP 0000000100070230 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007742ff00 5 bytes JMP 0000000100070480 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007742ff30 5 bytes JMP 00000001000703a0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077430010 5 bytes JMP 00000001000702f0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077430020 5 bytes JMP 0000000100070350 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077430080 5 bytes JMP 0000000100070290 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077430110 5 bytes JMP 00000001000702b0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077430130 5 bytes JMP 00000001000703d0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077430140 5 bytes JMP 0000000100070330 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] 
C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774301b0 5 bytes JMP 0000000100070410 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774301e0 5 bytes JMP 0000000100070240 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774304a0 5 bytes JMP 00000001000701e0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077430560 5 bytes JMP 0000000100070250 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077430590 5 bytes JMP 0000000100070490 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774305a0 5 bytes JMP 00000001000704a0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774305d0 5 bytes JMP 0000000100070300 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774305e0 5 bytes JMP 0000000100070360 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077430640 5 bytes JMP 00000001000702a0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077430690 5 bytes JMP 00000001000702c0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774306c0 5 bytes JMP 0000000100070380 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774306d0 5 bytes JMP 0000000100070340 .text 
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774309c0 5 bytes JMP 0000000100070440 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077430bc0 5 bytes JMP 0000000100070260 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077430bd0 5 bytes JMP 0000000100070270 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077430be0 5 bytes JMP 0000000100070400 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077430da0 5 bytes JMP 00000001000701f0 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077430db0 5 bytes JMP 0000000100070210 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077430e20 5 bytes JMP 0000000100070200 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077430e80 5 bytes JMP 0000000100070420 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077430e90 5 bytes JMP 0000000100070430 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077430ea0 5 bytes JMP 0000000100070220 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077430f80 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2288] 
C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721f1fd 1 byte [62] .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077402c90 5 bytes JMP 000000010044075c .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077414420 5 bytes JMP 00000001004403a4 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007742f760 5 bytes JMP 0000000077590460 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007742f7b0 5 bytes JMP 0000000077590450 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007742f830 5 bytes JMP 0000000100440b14 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000000007742f890 5 bytes JMP 0000000100440ecc .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007742f910 5 bytes JMP 0000000077590370 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007742f960 5 bytes JMP 0000000077590470 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007742f970 5 bytes JMP 000000010044163c .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007742fa20 5 bytes JMP 0000000077590320 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007742fa50 5 bytes JMP 00000000775903b0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007742fa70 5 
bytes JMP 0000000077590390 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007742fab0 5 bytes JMP 00000000775902e0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007742fb30 5 bytes JMP 00000000775902d0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007742fb50 5 bytes JMP 0000000077590310 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007742fb90 5 bytes JMP 00000000775903c0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007742fbb0 5 bytes JMP 0000000100441284 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007742fbe0 5 bytes JMP 00000000775903f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007742fd40 5 bytes JMP 0000000077590230 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007742ff00 5 bytes JMP 0000000077590480 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007742ff30 5 bytes JMP 00000000775903a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077430010 5 bytes JMP 00000000775902f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077430020 5 bytes JMP 0000000077590350 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077430080 5 bytes JMP 0000000077590290 .text C:\Program 
Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077430110 5 bytes JMP 00000000775902b0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077430130 5 bytes JMP 00000000775903d0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077430140 5 bytes JMP 0000000077590330 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774301b0 5 bytes JMP 0000000077590410 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774301e0 5 bytes JMP 0000000077590240 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774304a0 5 bytes JMP 00000000775901e0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077430560 5 bytes JMP 0000000077590250 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077430590 5 bytes JMP 0000000077590490 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774305a0 5 bytes JMP 00000000775904a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774305d0 5 bytes JMP 0000000077590300 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774305e0 5 bytes JMP 0000000077590360 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077430640 5 bytes JMP 00000000775902a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077430690 5 bytes JMP 00000000775902c0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774306c0 5 bytes JMP 0000000077590380 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774306d0 5 bytes JMP 0000000077590340 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774309c0 5 bytes JMP 0000000077590440 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077430bc0 5 bytes JMP 0000000077590260 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077430bd0 5 bytes JMP 0000000077590270 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077430be0 5 bytes JMP 00000001004419f4 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077430da0 5 bytes JMP 00000000775901f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077430db0 5 bytes JMP 0000000077590210 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077430e20 5 bytes JMP 0000000077590200 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077430e80 5 bytes JMP 0000000077590420 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077430e90 5 bytes JMP 0000000077590430 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 
0000000077430ea0 5 bytes JMP 0000000077590220 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077430f80 5 bytes JMP 0000000077590280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077402c90 5 bytes JMP 00000001001e075c .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077414420 5 bytes JMP 00000001001e03a4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007742f760 5 bytes JMP 0000000077590460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007742f7b0 5 bytes JMP 0000000077590450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007742f830 5 bytes JMP 00000001001e0b14 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000000007742f890 5 bytes JMP 00000001001e0ecc .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007742f910 5 bytes JMP 0000000077590370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007742f960 5 bytes JMP 0000000077590470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007742f970 5 bytes JMP 00000001001e163c .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007742fa20 5 bytes JMP 0000000077590320 .text 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007742fa50 5 bytes JMP 00000000775903b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007742fa70 5 bytes JMP 0000000077590390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007742fab0 5 bytes JMP 00000000775902e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007742fb30 5 bytes JMP 00000000775902d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007742fb50 5 bytes JMP 0000000077590310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007742fb90 5 bytes JMP 00000000775903c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007742fbb0 5 bytes JMP 00000001001e1284 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007742fbe0 5 bytes JMP 00000000775903f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007742fd40 5 bytes JMP 0000000077590230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007742ff00 5 bytes JMP 0000000077590480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007742ff30 5 bytes JMP 00000000775903a0 .text C:\Program Files\Common 
Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077430010 5 bytes JMP 00000000775902f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077430020 5 bytes JMP 0000000077590350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077430080 5 bytes JMP 0000000077590290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077430110 5 bytes JMP 00000000775902b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077430130 5 bytes JMP 00000000775903d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077430140 5 bytes JMP 0000000077590330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774301b0 5 bytes JMP 0000000077590410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774301e0 5 bytes JMP 0000000077590240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774304a0 5 bytes JMP 00000000775901e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077430560 5 bytes JMP 0000000077590250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077430590 5 bytes JMP 0000000077590490 .text C:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774305a0 5 bytes JMP 00000000775904a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774305d0 5 bytes JMP 0000000077590300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774305e0 5 bytes JMP 0000000077590360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077430640 5 bytes JMP 00000000775902a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077430690 5 bytes JMP 00000000775902c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774306c0 5 bytes JMP 0000000077590380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774306d0 5 bytes JMP 0000000077590340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774309c0 5 bytes JMP 0000000077590440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077430bc0 5 bytes JMP 0000000077590260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077430bd0 5 bytes JMP 0000000077590270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077430be0 5 bytes JMP 00000001001e19f4 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077430da0 5 bytes JMP 00000000775901f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077430db0 5 bytes JMP 0000000077590210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077430e20 5 bytes JMP 0000000077590200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077430e80 5 bytes JMP 0000000077590420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077430e90 5 bytes JMP 0000000077590430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077430ea0 5 bytes JMP 0000000077590220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077430f80 5 bytes JMP 0000000077590280 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077402c90 5 bytes JMP 000000010021075c .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077414420 5 bytes JMP 00000001002103a4 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007742f760 5 bytes JMP 0000000077590460 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007742f7b0 5 bytes JMP 0000000077590450 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007742f830 5 bytes JMP 0000000100210b14 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 
000000007742f890 5 bytes JMP 0000000100210ecc .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007742f910 5 bytes JMP 0000000077590370 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007742f960 5 bytes JMP 0000000077590470 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007742f970 5 bytes JMP 000000010021163c .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007742fa20 5 bytes JMP 0000000077590320 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007742fa50 5 bytes JMP 00000000775903b0 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007742fa70 5 bytes JMP 0000000077590390 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007742fab0 5 bytes JMP 00000000775902e0 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007742fb30 5 bytes JMP 00000000775902d0 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007742fb50 5 bytes JMP 0000000077590310 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007742fb90 5 bytes JMP 00000000775903c0 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007742fbb0 5 bytes JMP 0000000100211284 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007742fbe0 5 bytes JMP 00000000775903f0 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007742fd40 5 bytes JMP 0000000077590230 .text C:\Windows\system32\SearchIndexer.exe[3872] 
C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007742ff00 5 bytes JMP 0000000077590480 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007742ff30 5 bytes JMP 00000000775903a0 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077430010 5 bytes JMP 00000000775902f0 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077430020 5 bytes JMP 0000000077590350 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077430080 5 bytes JMP 0000000077590290 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077430110 5 bytes JMP 00000000775902b0 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077430130 5 bytes JMP 00000000775903d0 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077430140 5 bytes JMP 0000000077590330 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774301b0 5 bytes JMP 0000000077590410 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774301e0 5 bytes JMP 0000000077590240 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774304a0 5 bytes JMP 00000000775901e0 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077430560 5 bytes JMP 0000000077590250 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077430590 5 bytes JMP 0000000077590490 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774305a0 5 bytes JMP 00000000775904a0 .text 
C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774305d0 5 bytes JMP 0000000077590300 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774305e0 5 bytes JMP 0000000077590360 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077430640 5 bytes JMP 00000000775902a0 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077430690 5 bytes JMP 00000000775902c0 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774306c0 5 bytes JMP 0000000077590380 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774306d0 5 bytes JMP 0000000077590340 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774309c0 5 bytes JMP 0000000077590440 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077430bc0 5 bytes JMP 0000000077590260 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077430bd0 5 bytes JMP 0000000077590270 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077430be0 5 bytes JMP 00000001002119f4 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077430da0 5 bytes JMP 00000000775901f0 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077430db0 5 bytes JMP 0000000077590210 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077430e20 5 bytes JMP 0000000077590200 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077430e80 5 bytes JMP 
0000000077590420 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077430e90 5 bytes JMP 0000000077590430 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077430ea0 5 bytes JMP 0000000077590220 .text C:\Windows\system32\SearchIndexer.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077430f80 5 bytes JMP 0000000077590280 .text C:\Windows\system32\taskhost.exe[4952] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007721f1fd 1 byte [62] .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077402c90 5 bytes JMP 000000010027075c .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077414420 5 bytes JMP 00000001002703a4 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007742f760 5 bytes JMP 0000000077590460 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007742f7b0 5 bytes JMP 0000000077590450 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007742f830 5 bytes JMP 0000000100270b14 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000000007742f890 5 bytes JMP 0000000100270ecc .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007742f910 5 bytes JMP 0000000077590370 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007742f960 5 bytes JMP 0000000077590470 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007742f970 5 bytes JMP 000000010027163c .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007742fa20 5 bytes JMP 0000000077590320 .text C:\Windows\system32\Dwm.exe[5076] 
C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007742fa50 5 bytes JMP 00000000775903b0 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007742fa70 5 bytes JMP 0000000077590390 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007742fab0 5 bytes JMP 00000000775902e0 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007742fb30 5 bytes JMP 00000000775902d0 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007742fb50 5 bytes JMP 0000000077590310 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007742fb90 5 bytes JMP 00000000775903c0 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007742fbb0 5 bytes JMP 0000000100271284 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007742fbe0 5 bytes JMP 00000000775903f0 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007742fd40 5 bytes JMP 0000000077590230 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007742ff00 5 bytes JMP 0000000077590480 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007742ff30 5 bytes JMP 00000000775903a0 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077430010 5 bytes JMP 00000000775902f0 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077430020 5 bytes JMP 0000000077590350 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077430080 5 bytes JMP 0000000077590290 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077430110 5 bytes JMP 00000000775902b0 .text 
C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077430130 5 bytes JMP 00000000775903d0 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077430140 5 bytes JMP 0000000077590330 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774301b0 5 bytes JMP 0000000077590410 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774301e0 5 bytes JMP 0000000077590240 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774304a0 5 bytes JMP 00000000775901e0 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077430560 5 bytes JMP 0000000077590250 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077430590 5 bytes JMP 0000000077590490 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774305a0 5 bytes JMP 00000000775904a0 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774305d0 5 bytes JMP 0000000077590300 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774305e0 5 bytes JMP 0000000077590360 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077430640 5 bytes JMP 00000000775902a0 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077430690 5 bytes JMP 00000000775902c0 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774306c0 5 bytes JMP 0000000077590380 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774306d0 5 bytes JMP 0000000077590340 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774309c0 5 bytes JMP 0000000077590440 .text 
C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077430bc0 5 bytes JMP 0000000077590260 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077430bd0 5 bytes JMP 0000000077590270 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077430be0 5 bytes JMP 00000001002719f4 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077430da0 5 bytes JMP 00000000775901f0 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077430db0 5 bytes JMP 0000000077590210 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077430e20 5 bytes JMP 0000000077590200 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077430e80 5 bytes JMP 0000000077590420 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077430e90 5 bytes JMP 0000000077590430 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077430ea0 5 bytes JMP 0000000077590220 .text C:\Windows\system32\Dwm.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077430f80 5 bytes JMP 0000000077590280 .text C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe[4912] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000075b0b0c5 1 byte [62] .text C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe[828] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000075b0b0c5 1 byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077402c90 5 bytes JMP 000000010020075c .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077414420 5 bytes JMP 00000001002003a4 .text C:\Program Files\WIDCOMM\Bluetooth 
Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007742f760 5 bytes JMP 0000000077590460 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007742f7b0 5 bytes JMP 0000000077590450 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007742f830 5 bytes JMP 0000000100200b14 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000000007742f890 5 bytes JMP 0000000100200ecc .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007742f910 5 bytes JMP 0000000077590370 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007742f960 5 bytes JMP 0000000077590470 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007742f970 5 bytes JMP 000000010020163c .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007742fa20 5 bytes JMP 0000000077590320 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007742fa50 5 bytes JMP 00000000775903b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007742fa70 5 bytes JMP 0000000077590390 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007742fab0 5 bytes JMP 00000000775902e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007742fb30 5 bytes JMP 00000000775902d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007742fb50 5 bytes JMP 0000000077590310 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007742fb90 5 bytes JMP 00000000775903c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007742fbb0 5 bytes JMP 0000000100201284 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007742fbe0 5 bytes JMP 00000000775903f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007742fd40 5 bytes JMP 0000000077590230 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007742ff00 5 bytes JMP 0000000077590480 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007742ff30 5 bytes JMP 00000000775903a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077430010 5 bytes JMP 00000000775902f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077430020 5 bytes JMP 0000000077590350 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077430080 5 bytes JMP 0000000077590290 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077430110 5 bytes JMP 00000000775902b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077430130 5 bytes JMP 00000000775903d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 
0000000077430140 5 bytes JMP 0000000077590330 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774301b0 5 bytes JMP 0000000077590410 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774301e0 5 bytes JMP 0000000077590240 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774304a0 5 bytes JMP 00000000775901e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077430560 5 bytes JMP 0000000077590250 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077430590 5 bytes JMP 0000000077590490 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774305a0 5 bytes JMP 00000000775904a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774305d0 5 bytes JMP 0000000077590300 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774305e0 5 bytes JMP 0000000077590360 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077430640 5 bytes JMP 00000000775902a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077430690 5 bytes JMP 00000000775902c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774306c0 5 bytes JMP 0000000077590380 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774306d0 5 bytes JMP 0000000077590340 .text C:\Program 
Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774309c0 5 bytes JMP 0000000077590440 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077430bc0 5 bytes JMP 0000000077590260 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077430bd0 5 bytes JMP 0000000077590270 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077430be0 5 bytes JMP 00000001002019f4 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077430da0 5 bytes JMP 00000000775901f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077430db0 5 bytes JMP 0000000077590210 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077430e20 5 bytes JMP 0000000077590200 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077430e80 5 bytes JMP 0000000077590420 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077430e90 5 bytes JMP 0000000077590430 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077430ea0 5 bytes JMP 0000000077590220 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4172] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077430f80 5 bytes JMP 0000000077590280 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1056] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b0b0c5 1 byte [62] .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[3948] 
C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000775dfa50 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[3948] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000775dfae8 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[3948] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000775dfc40 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[3948] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000775dffc8 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[3948] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000775e18b0 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[3948] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000775fc4aa 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[3948] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077601247 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[3948] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000075b0b0c5 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5696] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000075b0b0c5 1 byte [62] .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077402c90 5 bytes JMP 000000010040075c .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077414420 5 bytes JMP 00000001004003a4 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007742f760 5 bytes JMP 0000000077590460 .text C:\Program 
Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007742f7b0 5 bytes JMP 0000000077590450 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007742f830 5 bytes JMP 0000000100400b14 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000000007742f890 5 bytes JMP 0000000100400ecc .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007742f910 5 bytes JMP 0000000077590370 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007742f960 5 bytes JMP 0000000077590470 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007742f970 5 bytes JMP 000000010040163c .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007742fa20 5 bytes JMP 0000000077590320 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007742fa50 5 bytes JMP 00000000775903b0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007742fa70 5 bytes JMP 0000000077590390 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007742fab0 5 bytes JMP 00000000775902e0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007742fb30 5 bytes JMP 00000000775902d0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007742fb50 5 bytes JMP 0000000077590310 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007742fb90 5 bytes JMP 
00000000775903c0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007742fbb0 5 bytes JMP 0000000100401284 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007742fbe0 5 bytes JMP 00000000775903f0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007742fd40 5 bytes JMP 0000000077590230 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007742ff00 5 bytes JMP 0000000077590480 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007742ff30 5 bytes JMP 00000000775903a0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077430010 5 bytes JMP 00000000775902f0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077430020 5 bytes JMP 0000000077590350 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077430080 5 bytes JMP 0000000077590290 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077430110 5 bytes JMP 00000000775902b0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077430130 5 bytes JMP 00000000775903d0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077430140 5 bytes JMP 0000000077590330 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774301b0 5 bytes JMP 0000000077590410 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] 
C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774301e0 5 bytes JMP 0000000077590240 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774304a0 5 bytes JMP 00000000775901e0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077430560 5 bytes JMP 0000000077590250 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077430590 5 bytes JMP 0000000077590490 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774305a0 5 bytes JMP 00000000775904a0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774305d0 5 bytes JMP 0000000077590300 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774305e0 5 bytes JMP 0000000077590360 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077430640 5 bytes JMP 00000000775902a0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077430690 5 bytes JMP 00000000775902c0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774306c0 5 bytes JMP 0000000077590380 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774306d0 5 bytes JMP 0000000077590340 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774309c0 5 bytes JMP 0000000077590440 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077430bc0 5 bytes JMP 0000000077590260 .text C:\Program Files\Sony\VAIO 
Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077430bd0 5 bytes JMP 0000000077590270 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077430be0 5 bytes JMP 00000001004019f4 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077430da0 5 bytes JMP 00000000775901f0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077430db0 5 bytes JMP 0000000077590210 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077430e20 5 bytes JMP 0000000077590200 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077430e80 5 bytes JMP 0000000077590420 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077430e90 5 bytes JMP 0000000077590430 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077430ea0 5 bytes JMP 0000000077590220 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077430f80 5 bytes JMP 0000000077590280 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007721f1fd 1 byte [62] .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe1f6e00 5 bytes JMP 000007ff7e211dac .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe1f6f2c 5 bytes JMP 000007ff7e210ecc .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe1f7220 5 bytes JMP 
000007ff7e211284 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe1f739c 5 bytes JMP 000007ff7e21163c .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe1f7538 5 bytes JMP 000007ff7e2119f4 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1f75e8 5 bytes JMP 000007ff7e2103a4 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe1f790c 5 bytes JMP 000007ff7e21075c .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[6028] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe1f7ab4 5 bytes JMP 000007ff7e210b14 .text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[3300] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007721f1fd 1 byte [62] .text C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[4176] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000775dfa50 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[4176] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000775dfae8 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[4176] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000775dfc40 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[4176] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000775dffc8 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[4176] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000775e18b0 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[4176] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000775fc4aa 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[4176] 
C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077601247 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe[4176] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000075b0b0c5 1 byte [62] .text C:\Windows\explorer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077402c90 5 bytes JMP 00000001002e075c .text C:\Windows\explorer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077414420 5 bytes JMP 00000001002e03a4 .text C:\Windows\explorer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007742f830 5 bytes JMP 00000001002e0b14 .text C:\Windows\explorer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000000007742f890 5 bytes JMP 00000001002e0ecc .text C:\Windows\explorer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007742f970 5 bytes JMP 00000001002e163c .text C:\Windows\explorer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007742fbb0 5 bytes JMP 00000001002e1284 .text C:\Windows\explorer.exe[6764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077430be0 5 bytes JMP 00000001002e19f4 .text C:\Windows\explorer.exe[6764] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007721f1fd 1 byte [62] .text C:\Windows\explorer.exe[6764] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe1f6e00 5 bytes JMP 000007ff7e211dac .text C:\Windows\explorer.exe[6764] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe1f6f2c 5 bytes JMP 000007ff7e210ecc .text C:\Windows\explorer.exe[6764] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe1f7220 5 bytes JMP 000007ff7e211284 .text C:\Windows\explorer.exe[6764] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe1f739c 5 bytes JMP 000007ff7e21163c .text C:\Windows\explorer.exe[6764] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe1f7538 5 bytes JMP 000007ff7e2119f4 .text C:\Windows\explorer.exe[6764] 
C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1f75e8 5 bytes JMP 000007ff7e2103a4 .text C:\Windows\explorer.exe[6764] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe1f790c 5 bytes JMP 000007ff7e21075c .text C:\Windows\explorer.exe[6764] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe1f7ab4 5 bytes JMP 000007ff7e210b14 .text C:\Users\Dusiek\Desktop\Downloads\OTL.exe[6592] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000775dfa50 5 bytes JMP 0000000100030600 .text C:\Users\Dusiek\Desktop\Downloads\OTL.exe[6592] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000775dfae8 5 bytes JMP 0000000100030804 .text C:\Users\Dusiek\Desktop\Downloads\OTL.exe[6592] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000775dfc40 5 bytes JMP 0000000100030c0c .text C:\Users\Dusiek\Desktop\Downloads\OTL.exe[6592] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000775dffc8 5 bytes JMP 0000000100030a08 .text C:\Users\Dusiek\Desktop\Downloads\OTL.exe[6592] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000775e18b0 5 bytes JMP 0000000100030e10 .text C:\Users\Dusiek\Desktop\Downloads\OTL.exe[6592] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000775fc4aa 5 bytes JMP 00000001000301f8 .text C:\Users\Dusiek\Desktop\Downloads\OTL.exe[6592] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077601247 5 bytes JMP 00000001000303fc .text C:\Users\Dusiek\Desktop\Downloads\OTL.exe[6592] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000075b0b0c5 1 byte [62] .text C:\Users\Dusiek\Desktop\Downloads\OTL.exe[6592] C:\Windows\syswow64\user32.DLL!SetWinEventHook 000000007554f0e6 5 bytes JMP 00000001003d01f8 .text C:\Users\Dusiek\Desktop\Downloads\OTL.exe[6592] C:\Windows\syswow64\user32.DLL!UnhookWinEvent 0000000075553907 5 bytes JMP 00000001003d03fc .text C:\Users\Dusiek\Desktop\Downloads\OTL.exe[6592] C:\Windows\syswow64\user32.DLL!SetWindowsHookExA 0000000075558364 5 bytes JMP 00000001003d0600 .text 
C:\Users\Dusiek\Desktop\Downloads\OTL.exe[6592] C:\Windows\syswow64\user32.DLL!SetWindowsHookExW 00000000755606b3 5 bytes JMP 00000001003d0804 .text C:\Users\Dusiek\Desktop\Downloads\OTL.exe[6592] C:\Windows\syswow64\user32.DLL!UnhookWindowsHookEx 0000000075570efc 5 bytes JMP 00000001003d0a08 .text C:\Users\Dusiek\Desktop\Downloads\OTL.exe[6592] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075ab5181 5 bytes JMP 00000001003e1014 .text C:\Users\Dusiek\Desktop\Downloads\OTL.exe[6592] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075ab5254 5 bytes JMP 00000001003e0804 .text C:\Users\Dusiek\Desktop\Downloads\OTL.exe[6592] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000075ab53d5 5 bytes JMP 00000001003e0a08 .text C:\Users\Dusiek\Desktop\Downloads\OTL.exe[6592] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000075ab54c2 5 bytes JMP 00000001003e0c0c .text C:\Users\Dusiek\Desktop\Downloads\OTL.exe[6592] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000075ab55e2 5 bytes JMP 00000001003e0e10 .text C:\Users\Dusiek\Desktop\Downloads\OTL.exe[6592] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000075ab567c 5 bytes JMP 00000001003e01f8 .text C:\Users\Dusiek\Desktop\Downloads\OTL.exe[6592] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000075ab589f 5 bytes JMP 00000001003e03fc .text C:\Users\Dusiek\Desktop\Downloads\OTL.exe[6592] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075ab5a22 5 bytes JMP 00000001003e0600 .text C:\Users\Dusiek\Desktop\Downloads\OTL.exe[6592] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000077591465 2 bytes [59, 77] .text C:\Users\Dusiek\Desktop\Downloads\OTL.exe[6592] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 00000000775914bb 2 bytes [59, 77] .text ... 
* 2 .text C:\Users\Dusiek\Desktop\Downloads\ug30dgfe.exe[1264] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000775dfa50 5 bytes JMP 0000000100030600 .text C:\Users\Dusiek\Desktop\Downloads\ug30dgfe.exe[1264] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000775dfae8 5 bytes JMP 0000000100030804 .text C:\Users\Dusiek\Desktop\Downloads\ug30dgfe.exe[1264] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000775dfc40 5 bytes JMP 0000000100030c0c .text C:\Users\Dusiek\Desktop\Downloads\ug30dgfe.exe[1264] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000775dffc8 5 bytes JMP 0000000100030a08 .text C:\Users\Dusiek\Desktop\Downloads\ug30dgfe.exe[1264] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000775e18b0 5 bytes JMP 0000000100030e10 .text C:\Users\Dusiek\Desktop\Downloads\ug30dgfe.exe[1264] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000775fc4aa 5 bytes JMP 00000001000301f8 .text C:\Users\Dusiek\Desktop\Downloads\ug30dgfe.exe[1264] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077601247 5 bytes JMP 00000001000303fc .text C:\Users\Dusiek\Desktop\Downloads\ug30dgfe.exe[1264] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000075b0b0c5 1 byte [62] .text C:\Users\Dusiek\Desktop\Downloads\ug30dgfe.exe[1264] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075ab5181 5 bytes JMP 0000000100241014 .text C:\Users\Dusiek\Desktop\Downloads\ug30dgfe.exe[1264] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075ab5254 5 bytes JMP 0000000100240804 .text C:\Users\Dusiek\Desktop\Downloads\ug30dgfe.exe[1264] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000075ab53d5 5 bytes JMP 0000000100240a08 .text C:\Users\Dusiek\Desktop\Downloads\ug30dgfe.exe[1264] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000075ab54c2 5 bytes JMP 0000000100240c0c .text C:\Users\Dusiek\Desktop\Downloads\ug30dgfe.exe[1264] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000075ab55e2 5 bytes JMP 
0000000100240e10 .text C:\Users\Dusiek\Desktop\Downloads\ug30dgfe.exe[1264] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000075ab567c 5 bytes JMP 00000001002401f8 .text C:\Users\Dusiek\Desktop\Downloads\ug30dgfe.exe[1264] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000075ab589f 5 bytes JMP 00000001002403fc .text C:\Users\Dusiek\Desktop\Downloads\ug30dgfe.exe[1264] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075ab5a22 5 bytes JMP 0000000100240600 .text C:\Users\Dusiek\Desktop\Downloads\ug30dgfe.exe[1264] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007554f0e6 5 bytes JMP 00000001002501f8 .text C:\Users\Dusiek\Desktop\Downloads\ug30dgfe.exe[1264] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075553907 5 bytes JMP 00000001002503fc .text C:\Users\Dusiek\Desktop\Downloads\ug30dgfe.exe[1264] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075558364 5 bytes JMP 0000000100250600 .text C:\Users\Dusiek\Desktop\Downloads\ug30dgfe.exe[1264] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000755606b3 5 bytes JMP 0000000100250804 .text C:\Users\Dusiek\Desktop\Downloads\ug30dgfe.exe[1264] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075570efc 5 bytes JMP 0000000100250a08 ---- Devices - GMER 2.1 ---- Device \Driver\a0ogkyba \Device\Scsi\a0ogkyba1 fffffa80059d12c0 Device \Driver\a0ogkyba \Device\Scsi\a0ogkyba1Port1Path0Target0Lun0 fffffa80059d12c0 Device \FileSystem\Ntfs \Ntfs fffffa80023a22c0 Device \Driver\USBSTOR \Device\0000008e fffffa800676a2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{CA4F9778-626A-4EAB-96A2-C3F974F05512} fffffa80057472c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa800591c2c0 Device \Driver\cdrom \Device\CdRom0 fffffa80052652c0 Device \Driver\cdrom \Device\CdRom1 fffffa80052652c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{9E19C038-DD7B-4829-B255-EDCC2483F5D9} fffffa80057472c0 Device \Driver\cdrom \Device\CdRom2 fffffa80052652c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa800591c2c0 Device 
\Driver\USBSTOR \Device\00000095 fffffa800676a2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{1F1C4D9B-C5D3-42E8-AB6B-E70EBD21DBCD} fffffa80057472c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa800591c2c0 Device \Driver\USBSTOR \Device\00000096 fffffa800676a2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{483DE130-6D5E-479C-B2DA-23476692A940} fffffa80057472c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80057472c0 Device \Driver\USBSTOR \Device\0000008d fffffa800676a2c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa800591c2c0 Device \Driver\a0ogkyba \Device\ScsiPort1 fffffa80059d12c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\a0ogkyba.SYS fffff88003c00000-fffff88003c44000 (278528 bytes) ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! 
mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! 
mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! 
Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 572 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 5742781 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition3\Windows Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1 Reg 
HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 11 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\avast! 
Antivirus@Type 32 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Instaluje i zarządza usługami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantannę oraz harmonogram zadań. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c44619b30120 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbe79204 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFB 0x18 0x30 0xD9 ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x9C 0x27 0x9A 0xBD ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x12 0xF1 0x12 0xC2 ... Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! 
mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip? 
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 572 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 5742781 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition3\Windows Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! 
virtualization driver (aswSnx) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! 
Self Protection Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 11 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! 
Antivirus Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Instaluje i zarządza usługami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantannę oraz harmonogram zadań. Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c44619b30120 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbe79204 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFB 0x18 0x30 0xD9 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x9C 0x27 0x9A 0xBD ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x12 0xF1 0x12 0xC2 ... ---- EOF - GMER 2.1 ----