GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2014-09-30 14:17:41 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST9320320AS rev.0303 298,09GB Running: m57g1hli.exe; Driver: C:\Users\OKURWI~1\AppData\Local\Temp\kwdcafob.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf0660 5 bytes JMP 0000000100070460 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf06b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf0810 5 bytes JMP 0000000100070370 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf0860 5 bytes JMP 0000000100070470 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf0870 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf0920 5 bytes JMP 0000000100070320 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf0950 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf0970 5 bytes JMP 0000000100070390 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf09b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf0a30 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf0a50 5 bytes JMP 0000000100070310 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf0a90 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf0ae0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf0c40 5 bytes JMP 0000000100070230 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf0e00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf0e30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf0f10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf0f20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf0f80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1010 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1030 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1040 5 bytes JMP 0000000100070330 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf10b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf10e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf13a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf1460 5 bytes JMP 0000000100070250 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf1490 5 bytes JMP 0000000100070490 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf14a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf14d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf14e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf1540 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf1590 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf15c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf15d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf18c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf1ac0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf1ad0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf1ae0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf1ca0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf1cb0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf1d20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf1d80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf1d90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf1da0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf1e80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf0660 5 bytes JMP 0000000077d50460 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf06b0 5 bytes JMP 0000000077d50450 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf0810 5 bytes JMP 0000000077d50370 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf0860 5 bytes JMP 0000000077d50470 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf0870 5 bytes JMP 0000000077d503e0 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf0920 5 bytes JMP 0000000077d50320 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf0950 5 bytes JMP 0000000077d503b0 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf0970 5 bytes JMP 0000000077d50390 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf09b0 5 bytes JMP 0000000077d502e0 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf0a30 5 bytes JMP 0000000077d502d0 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf0a50 5 bytes JMP 0000000077d50310 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf0a90 5 bytes JMP 0000000077d503c0 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf0ae0 5 bytes JMP 0000000077d503f0 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf0c40 5 bytes JMP 0000000077d50230 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf0e00 5 bytes JMP 0000000077d50480 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf0e30 5 bytes JMP 0000000077d503a0 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf0f10 5 bytes JMP 0000000077d502f0 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf0f20 5 bytes JMP 0000000077d50350 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf0f80 5 bytes JMP 0000000077d50290 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1010 5 bytes JMP 0000000077d502b0 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1030 5 bytes JMP 0000000077d503d0 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1040 5 bytes JMP 0000000077d50330 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf10b0 5 bytes JMP 0000000077d50410 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf10e0 5 bytes JMP 0000000077d50240 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf13a0 5 bytes JMP 0000000077d501e0 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf1460 5 bytes JMP 0000000077d50250 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf1490 5 bytes JMP 0000000077d50490 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf14a0 5 bytes JMP 0000000077d504a0 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf14d0 5 bytes JMP 0000000077d50300 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf14e0 5 bytes JMP 0000000077d50360 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf1540 5 bytes JMP 0000000077d502a0 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf1590 5 bytes JMP 0000000077d502c0 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf15c0 5 bytes JMP 0000000077d50380 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf15d0 5 bytes JMP 0000000077d50340 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf18c0 5 bytes JMP 0000000077d50440 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf1ac0 5 bytes JMP 0000000077d50260 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf1ad0 5 bytes JMP 0000000077d50270 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf1ae0 5 bytes JMP 0000000077d50400 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf1ca0 5 bytes JMP 0000000077d501f0 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf1cb0 5 bytes JMP 0000000077d50210 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf1d20 5 bytes JMP 0000000077d50200 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf1d80 5 bytes JMP 0000000077d50420 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf1d90 5 bytes JMP 0000000077d50430 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf1da0 5 bytes JMP 0000000077d50220 .text C:\Windows\system32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf1e80 5 bytes JMP 0000000077d50280 .text C:\Windows\system32\svchost.exe[680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deeed 1 byte [62] .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf0660 5 bytes JMP 0000000077d50460 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf06b0 5 bytes JMP 0000000077d50450 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf0810 5 bytes JMP 0000000077d50370 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf0860 5 bytes JMP 0000000077d50470 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf0870 5 bytes JMP 0000000077d503e0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf0920 5 bytes JMP 0000000077d50320 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf0950 5 bytes JMP 0000000077d503b0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf0970 5 bytes JMP 0000000077d50390 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf09b0 5 bytes JMP 0000000077d502e0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf0a30 5 bytes JMP 0000000077d502d0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf0a50 5 bytes JMP 0000000077d50310 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf0a90 5 bytes JMP 0000000077d503c0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf0ae0 5 bytes JMP 0000000077d503f0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf0c40 5 bytes JMP 0000000077d50230 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf0e00 5 bytes JMP 0000000077d50480 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf0e30 5 bytes JMP 0000000077d503a0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf0f10 5 bytes JMP 0000000077d502f0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf0f20 5 bytes JMP 0000000077d50350 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf0f80 5 bytes JMP 0000000077d50290 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1010 5 bytes JMP 0000000077d502b0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1030 5 bytes JMP 0000000077d503d0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1040 5 bytes JMP 0000000077d50330 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf10b0 5 bytes JMP 0000000077d50410 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf10e0 5 bytes JMP 0000000077d50240 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf13a0 5 bytes JMP 0000000077d501e0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf1460 5 bytes JMP 0000000077d50250 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf1490 5 bytes JMP 0000000077d50490 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf14a0 5 bytes JMP 0000000077d504a0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf14d0 5 bytes JMP 0000000077d50300 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf14e0 5 bytes JMP 0000000077d50360 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf1540 5 bytes JMP 0000000077d502a0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf1590 5 bytes JMP 0000000077d502c0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf15c0 5 bytes JMP 0000000077d50380 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf15d0 5 bytes JMP 0000000077d50340 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf18c0 5 bytes JMP 0000000077d50440 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf1ac0 5 bytes JMP 0000000077d50260 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf1ad0 5 bytes JMP 0000000077d50270 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf1ae0 5 bytes JMP 0000000077d50400 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf1ca0 5 bytes JMP 0000000077d501f0 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf1cb0 5 bytes JMP 0000000077d50210 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf1d20 5 bytes JMP 0000000077d50200 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf1d80 5 bytes JMP 0000000077d50420 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf1d90 5 bytes JMP 0000000077d50430 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf1da0 5 bytes JMP 0000000077d50220 .text C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf1e80 5 bytes JMP 0000000077d50280 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf0660 5 bytes JMP 0000000077d50460 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf06b0 5 bytes JMP 0000000077d50450 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf0810 5 bytes JMP 0000000077d50370 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf0860 5 bytes JMP 0000000077d50470 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf0870 5 bytes JMP 0000000077d503e0 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf0920 5 bytes JMP 0000000077d50320 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf0950 5 bytes JMP 0000000077d503b0 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf0970 5 bytes JMP 0000000077d50390 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf09b0 5 bytes JMP 0000000077d502e0 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf0a30 5 bytes JMP 0000000077d502d0 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf0a50 5 bytes JMP 0000000077d50310 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf0a90 5 bytes JMP 0000000077d503c0 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf0ae0 5 bytes JMP 0000000077d503f0 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf0c40 5 bytes JMP 0000000077d50230 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf0e00 5 bytes JMP 0000000077d50480 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf0e30 5 bytes JMP 0000000077d503a0 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf0f10 5 bytes JMP 0000000077d502f0 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf0f20 5 bytes JMP 0000000077d50350 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf0f80 5 bytes JMP 0000000077d50290 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1010 5 bytes JMP 0000000077d502b0 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1030 5 bytes JMP 0000000077d503d0 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1040 5 bytes JMP 0000000077d50330 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf10b0 5 bytes JMP 0000000077d50410 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf10e0 5 bytes JMP 0000000077d50240 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf13a0 5 bytes JMP 0000000077d501e0 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf1460 5 bytes JMP 0000000077d50250 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf1490 5 bytes JMP 0000000077d50490 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf14a0 5 bytes JMP 0000000077d504a0 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf14d0 5 bytes JMP 0000000077d50300 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf14e0 5 bytes JMP 0000000077d50360 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf1540 5 bytes JMP 0000000077d502a0 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf1590 5 bytes JMP 0000000077d502c0 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf15c0 5 bytes JMP 0000000077d50380 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf15d0 5 bytes JMP 0000000077d50340 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf18c0 5 bytes JMP 0000000077d50440 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf1ac0 5 bytes JMP 0000000077d50260 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf1ad0 5 bytes JMP 0000000077d50270 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf1ae0 5 bytes JMP 0000000077d50400 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf1ca0 5 bytes JMP 0000000077d501f0 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf1cb0 5 bytes JMP 0000000077d50210 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf1d20 5 bytes JMP 0000000077d50200 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf1d80 5 bytes JMP 0000000077d50420 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf1d90 5 bytes JMP 0000000077d50430 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf1da0 5 bytes JMP 0000000077d50220 .text C:\Windows\System32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf1e80 5 bytes JMP 0000000077d50280 .text C:\Windows\System32\svchost.exe[884] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deeed 1 byte [62] .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf0660 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf06b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf0810 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf0860 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf0870 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf0920 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf0950 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf0970 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf09b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf0a30 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf0a50 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf0a90 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf0ae0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf0c40 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf0e00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf0e30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf0f10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf0f20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf0f80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1010 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1030 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1040 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf10b0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf10e0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf13a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf1460 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf1490 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf14a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf14d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf14e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf1540 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf1590 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf15c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf15d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf18c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf1ac0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf1ad0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf1ae0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf1ca0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf1cb0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf1d20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf1d80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf1d90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf1da0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf1e80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deeed 1 byte [62] .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf0660 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf06b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf0810 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf0860 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf0870 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf0920 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf0950 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf0970 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf09b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf0a30 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf0a50 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf0a90 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf0ae0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf0c40 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf0e00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf0e30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf0f10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf0f20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf0f80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1010 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1030 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1040 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf10b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf10e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf13a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf1460 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf1490 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf14a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf14d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf14e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf1540 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf1590 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf15c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf15d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf18c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf1ac0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf1ad0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf1ae0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf1ca0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf1cb0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf1d20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf1d80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf1d90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf1da0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf1e80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf0660 5 bytes JMP 0000000077d50460 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf06b0 5 bytes JMP 0000000077d50450 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf0810 5 bytes JMP 0000000077d50370 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf0860 5 bytes JMP 0000000077d50470 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf0870 5 bytes JMP 0000000077d503e0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf0920 5 bytes JMP 0000000077d50320 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf0950 5 bytes JMP 0000000077d503b0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf0970 5 bytes JMP 0000000077d50390 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf09b0 5 bytes JMP 0000000077d502e0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf0a30 5 bytes JMP 0000000077d502d0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf0a50 5 bytes JMP 0000000077d50310 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf0a90 5 bytes JMP 0000000077d503c0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf0ae0 5 bytes JMP 0000000077d503f0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf0c40 5 bytes JMP 0000000077d50230 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf0e00 5 bytes JMP 0000000077d50480 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf0e30 5 bytes JMP 0000000077d503a0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf0f10 5 bytes JMP 0000000077d502f0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf0f20 5 bytes JMP 0000000077d50350 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf0f80 5 bytes JMP 0000000077d50290 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1010 5 bytes JMP 0000000077d502b0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1030 5 bytes JMP 0000000077d503d0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1040 5 bytes JMP 0000000077d50330 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf10b0 5 bytes JMP 0000000077d50410 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf10e0 5 bytes JMP 0000000077d50240 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf13a0 5 bytes JMP 0000000077d501e0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf1460 5 bytes JMP 0000000077d50250 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf1490 5 bytes JMP 0000000077d50490 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf14a0 5 bytes JMP 0000000077d504a0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf14d0 5 bytes JMP 0000000077d50300 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf14e0 5 bytes JMP 0000000077d50360 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf1540 5 bytes JMP 0000000077d502a0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf1590 5 bytes JMP 0000000077d502c0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf15c0 5 bytes JMP 0000000077d50380 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf15d0 5 bytes JMP 0000000077d50340 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf18c0 5 bytes JMP 0000000077d50440 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf1ac0 5 bytes JMP 0000000077d50260 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf1ad0 5 bytes JMP 0000000077d50270 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf1ae0 5 bytes JMP 0000000077d50400 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf1ca0 5 bytes JMP 0000000077d501f0 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf1cb0 5 bytes JMP 0000000077d50210 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf1d20 5 bytes JMP 0000000077d50200 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf1d80 5 bytes JMP 0000000077d50420 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf1d90 5 bytes JMP 0000000077d50430 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf1da0 5 bytes JMP 0000000077d50220 .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf1e80 5 bytes JMP 0000000077d50280 .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deeed 1 byte [62] .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf0660 5 bytes JMP 0000000077d50460 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf06b0 5 bytes JMP 0000000077d50450 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf0810 5 bytes JMP 0000000077d50370 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf0860 5 bytes JMP 0000000077d50470 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf0870 5 bytes JMP 0000000077d503e0 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf0920 5 bytes JMP 0000000077d50320 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf0950 5 bytes JMP 0000000077d503b0 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf0970 5 bytes JMP 0000000077d50390 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf09b0 5 bytes JMP 0000000077d502e0 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf0a30 5 bytes JMP 0000000077d502d0 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf0a50 5 bytes JMP 0000000077d50310 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf0a90 5 bytes JMP 0000000077d503c0 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf0ae0 5 bytes JMP 0000000077d503f0 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf0c40 5 bytes JMP 0000000077d50230 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf0e00 5 bytes JMP 0000000077d50480 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf0e30 5 bytes JMP 0000000077d503a0 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf0f10 5 bytes JMP 0000000077d502f0 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf0f20 5 bytes JMP 0000000077d50350 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf0f80 5 bytes JMP 0000000077d50290 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1010 5 bytes JMP 0000000077d502b0 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1030 5 bytes JMP 0000000077d503d0 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1040 5 bytes JMP 0000000077d50330 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf10b0 5 bytes JMP 0000000077d50410 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf10e0 5 bytes JMP 0000000077d50240 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf13a0 5 bytes JMP 0000000077d501e0 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf1460 5 bytes JMP 0000000077d50250 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf1490 5 bytes JMP 0000000077d50490 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf14a0 5 bytes JMP 0000000077d504a0 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf14d0 5 bytes JMP 0000000077d50300 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf14e0 5 bytes JMP 0000000077d50360 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf1540 5 bytes JMP 0000000077d502a0 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf1590 5 bytes JMP 0000000077d502c0 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf15c0 5 bytes JMP 0000000077d50380 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf15d0 5 bytes JMP 0000000077d50340 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf18c0 5 bytes JMP 0000000077d50440 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf1ac0 5 bytes JMP 0000000077d50260 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf1ad0 5 bytes JMP 0000000077d50270 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf1ae0 5 bytes JMP 0000000077d50400 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf1ca0 5 bytes JMP 0000000077d501f0 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf1cb0 5 bytes JMP 0000000077d50210 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf1d20 5 bytes JMP 0000000077d50200 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf1d80 5 bytes JMP 0000000077d50420 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf1d90 5 bytes JMP 0000000077d50430 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf1da0 5 bytes JMP 0000000077d50220 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf1e80 5 bytes JMP 0000000077d50280 .text C:\Windows\system32\svchost.exe[1152] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deeed 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf0660 5 bytes JMP 0000000077d50460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf06b0 5 bytes JMP 0000000077d50450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf0810 5 bytes JMP 0000000077d50370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf0860 5 bytes JMP 0000000077d50470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf0870 5 bytes JMP 0000000077d503e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf0920 5 bytes JMP 0000000077d50320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf0950 5 bytes JMP 0000000077d503b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf0970 5 bytes JMP 0000000077d50390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf09b0 5 bytes JMP 0000000077d502e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf0a30 5 bytes JMP 0000000077d502d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf0a50 5 bytes JMP 0000000077d50310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf0a90 5 bytes JMP 0000000077d503c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf0ae0 5 bytes JMP 0000000077d503f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf0c40 5 bytes JMP 0000000077d50230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf0e00 5 bytes JMP 0000000077d50480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf0e30 5 bytes JMP 0000000077d503a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf0f10 5 bytes JMP 0000000077d502f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf0f20 5 bytes JMP 0000000077d50350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf0f80 5 bytes JMP 0000000077d50290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1010 5 bytes JMP 0000000077d502b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1030 5 bytes JMP 0000000077d503d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1040 5 bytes JMP 0000000077d50330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf10b0 5 bytes JMP 0000000077d50410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf10e0 5 bytes JMP 0000000077d50240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf13a0 5 bytes JMP 0000000077d501e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf1460 5 bytes JMP 0000000077d50250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf1490 5 bytes JMP 0000000077d50490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf14a0 5 bytes JMP 0000000077d504a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf14d0 5 bytes JMP 0000000077d50300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf14e0 5 bytes JMP 0000000077d50360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf1540 5 bytes JMP 0000000077d502a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf1590 5 bytes JMP 0000000077d502c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf15c0 5 bytes JMP 0000000077d50380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf15d0 5 bytes JMP 0000000077d50340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf18c0 5 bytes JMP 0000000077d50440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf1ac0 5 bytes JMP 0000000077d50260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf1ad0 5 bytes JMP 0000000077d50270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf1ae0 5 bytes JMP 0000000077d50400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf1ca0 5 bytes JMP 0000000077d501f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf1cb0 5 bytes JMP 0000000077d50210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf1d20 5 bytes JMP 0000000077d50200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf1d80 5 bytes JMP 0000000077d50420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf1d90 5 bytes JMP 0000000077d50430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf1da0 5 bytes JMP 0000000077d50220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf1e80 5 bytes JMP 0000000077d50280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1320] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deeed 1 byte [62] .text C:\Program Files (x86)\WinZipper\winzipersvc.exe[1516] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075daa2ba 1 byte [62] .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf0660 5 bytes JMP 0000000077d50460 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf06b0 5 bytes JMP 0000000077d50450 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf0810 5 bytes JMP 0000000077d50370 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf0860 5 bytes JMP 0000000077d50470 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf0870 5 bytes JMP 0000000077d503e0 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf0920 5 bytes JMP 0000000077d50320 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf0950 5 bytes JMP 0000000077d503b0 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf0970 5 bytes JMP 0000000077d50390 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf09b0 5 bytes JMP 0000000077d502e0 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf0a30 5 bytes JMP 0000000077d502d0 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf0a50 5 bytes JMP 0000000077d50310 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf0a90 5 bytes JMP 0000000077d503c0 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf0ae0 5 bytes JMP 0000000077d503f0 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf0c40 5 bytes JMP 0000000077d50230 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf0e00 5 bytes JMP 0000000077d50480 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf0e30 5 bytes JMP 0000000077d503a0 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf0f10 5 bytes JMP 0000000077d502f0 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf0f20 5 bytes JMP 0000000077d50350 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf0f80 5 bytes JMP 0000000077d50290 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1010 5 bytes JMP 0000000077d502b0 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1030 5 bytes JMP 0000000077d503d0 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1040 5 bytes JMP 0000000077d50330 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf10b0 5 bytes JMP 0000000077d50410 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf10e0 5 bytes JMP 0000000077d50240 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf13a0 5 bytes JMP 0000000077d501e0 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf1460 5 bytes JMP 0000000077d50250 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf1490 5 bytes JMP 0000000077d50490 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf14a0 5 bytes JMP 0000000077d504a0 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf14d0 5 bytes JMP 0000000077d50300 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf14e0 5 bytes JMP 0000000077d50360 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf1540 5 bytes JMP 0000000077d502a0 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf1590 5 bytes JMP 0000000077d502c0 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf15c0 5 bytes JMP 0000000077d50380 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf15d0 5 bytes JMP 0000000077d50340 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf18c0 5 bytes JMP 0000000077d50440 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf1ac0 5 bytes JMP 0000000077d50260 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf1ad0 5 bytes JMP 0000000077d50270 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf1ae0 5 bytes JMP 0000000077d50400 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf1ca0 5 bytes JMP 0000000077d501f0 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf1cb0 5 bytes JMP 0000000077d50210 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf1d20 5 bytes JMP 0000000077d50200 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf1d80 5 bytes JMP 0000000077d50420 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf1d90 5 bytes JMP 0000000077d50430 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf1da0 5 bytes JMP 0000000077d50220 .text C:\Windows\system32\taskeng.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf1e80 5 bytes JMP 0000000077d50280 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf0660 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf06b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf0810 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf0860 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf0870 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf0920 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf0950 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf0970 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf09b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf0a30 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf0a50 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf0a90 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf0ae0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf0c40 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf0e00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf0e30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf0f10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf0f20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf0f80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1010 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1030 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1040 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf10b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf10e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf13a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf1460 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf1490 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf14a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf14d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf14e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf1540 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf1590 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf15c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf15d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf18c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf1ac0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf1ad0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf1ae0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf1ca0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf1cb0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf1d20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf1d80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf1d90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf1da0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf1e80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[1816] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deeed 1 byte [62] .text C:\Windows\SysWOW64\rundll32.exe[1936] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075daa2ba 1 byte [62] .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf0660 5 bytes JMP 0000000077d50460 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf06b0 5 bytes JMP 0000000077d50450 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf0810 5 bytes JMP 0000000077d50370 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf0860 5 bytes JMP 0000000077d50470 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf0870 5 bytes JMP 0000000077d503e0 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf0920 5 bytes JMP 0000000077d50320 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf0950 5 bytes JMP 0000000077d503b0 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf0970 5 bytes JMP 0000000077d50390 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf09b0 5 bytes JMP 0000000077d502e0 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf0a30 5 bytes JMP 0000000077d502d0 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf0a50 5 bytes JMP 0000000077d50310 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf0a90 5 bytes JMP 0000000077d503c0 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf0ae0 5 bytes JMP 0000000077d503f0 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf0c40 5 bytes JMP 0000000077d50230 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf0e00 5 bytes JMP 0000000077d50480 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf0e30 5 bytes JMP 0000000077d503a0 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf0f10 5 bytes JMP 0000000077d502f0 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf0f20 5 bytes JMP 0000000077d50350 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf0f80 5 bytes JMP 0000000077d50290 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1010 5 bytes JMP 0000000077d502b0 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1030 5 bytes JMP 0000000077d503d0 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1040 5 bytes JMP 0000000077d50330 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf10b0 5 bytes JMP 0000000077d50410 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf10e0 5 bytes JMP 0000000077d50240 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf13a0 5 bytes JMP 0000000077d501e0 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf1460 5 bytes JMP 0000000077d50250 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf1490 5 bytes JMP 0000000077d50490 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf14a0 5 bytes JMP 0000000077d504a0 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf14d0 5 bytes JMP 0000000077d50300 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf14e0 5 bytes JMP 0000000077d50360 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf1540 5 bytes JMP 0000000077d502a0 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf1590 5 bytes JMP 0000000077d502c0 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf15c0 5 bytes JMP 0000000077d50380 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf15d0 5 bytes JMP 0000000077d50340 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf18c0 5 bytes JMP 0000000077d50440 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf1ac0 5 bytes JMP 0000000077d50260 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf1ad0 5 bytes JMP 0000000077d50270 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf1ae0 5 bytes JMP 0000000077d50400 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf1ca0 5 bytes JMP 0000000077d501f0 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf1cb0 5 bytes JMP 0000000077d50210 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf1d20 5 bytes JMP 0000000077d50200 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf1d80 5 bytes JMP 0000000077d50420 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf1d90 5 bytes JMP 0000000077d50430 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf1da0 5 bytes JMP 0000000077d50220 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf1e80 5 bytes JMP 0000000077d50280 .text C:\Program Files (x86)\LPT\srptm.exe[2392] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000075daa2ba 1 byte [62] .text C:\Program Files (x86)\Surftastic\updateSurftastic.exe[2700] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000075daa2ba 1 byte [62] .text C:\Windows\System32\svchost.exe[2612] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deeed 1 byte [62] .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf0660 5 bytes JMP 0000000077d50460 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf06b0 5 bytes JMP 0000000077d50450 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf0810 5 bytes JMP 0000000077d50370 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf0860 5 bytes JMP 0000000077d50470 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf0870 5 bytes JMP 0000000077d503e0 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf0920 5 bytes JMP 0000000077d50320 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf0950 5 bytes JMP 0000000077d503b0 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf0970 5 bytes JMP 0000000077d50390 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf09b0 5 bytes JMP 0000000077d502e0 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf0a30 5 bytes JMP 0000000077d502d0 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf0a50 5 bytes JMP 0000000077d50310 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf0a90 5 bytes JMP 0000000077d503c0 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf0ae0 5 bytes JMP 0000000077d503f0 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf0c40 5 bytes JMP 0000000077d50230 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf0e00 5 bytes JMP 0000000077d50480 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf0e30 5 bytes JMP 0000000077d503a0 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf0f10 5 bytes JMP 0000000077d502f0 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf0f20 5 bytes JMP 0000000077d50350 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf0f80 5 bytes JMP 0000000077d50290 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1010 5 bytes JMP 0000000077d502b0 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1030 5 bytes JMP 0000000077d503d0 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1040 5 bytes JMP 0000000077d50330 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf10b0 5 bytes JMP 0000000077d50410 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf10e0 5 bytes JMP 0000000077d50240 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf13a0 5 bytes JMP 0000000077d501e0 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf1460 5 bytes JMP 0000000077d50250 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf1490 5 bytes JMP 0000000077d50490 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf14a0 5 bytes JMP 0000000077d504a0 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf14d0 5 bytes JMP 0000000077d50300 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf14e0 5 bytes JMP 0000000077d50360 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf1540 5 bytes JMP 0000000077d502a0 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf1590 5 bytes JMP 0000000077d502c0 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf15c0 5 bytes JMP 0000000077d50380 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf15d0 5 bytes JMP 0000000077d50340 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf18c0 5 bytes JMP 0000000077d50440 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf1ac0 5 bytes JMP 0000000077d50260 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf1ad0 5 bytes JMP 0000000077d50270 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf1ae0 5 bytes JMP 0000000077d50400 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf1ca0 5 bytes JMP 0000000077d501f0 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf1cb0 5 bytes JMP 0000000077d50210 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf1d20 5 bytes JMP 0000000077d50200 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf1d80 5 bytes JMP 0000000077d50420 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf1d90 5 bytes JMP 0000000077d50430 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf1da0 5 bytes JMP 0000000077d50220 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf1e80 5 bytes JMP 0000000077d50280 .text C:\Windows\system32\taskhost.exe[672] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deeed 1 byte [62] .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf0660 5 bytes JMP 0000000077d50460 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf06b0 5 bytes JMP 0000000077d50450 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf0810 5 bytes JMP 0000000077d50370 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf0860 5 bytes JMP 0000000077d50470 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf0870 5 bytes JMP 0000000077d503e0 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf0920 5 bytes JMP 0000000077d50320 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf0950 5 bytes JMP 0000000077d503b0 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf0970 5 bytes JMP 0000000077d50390 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf09b0 5 bytes JMP 0000000077d502e0 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf0a30 5 bytes JMP 0000000077d502d0 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf0a50 5 bytes JMP 0000000077d50310 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf0a90 5 bytes JMP 0000000077d503c0 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf0ae0 5 bytes JMP 0000000077d503f0 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf0c40 5 bytes JMP 0000000077d50230 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf0e00 5 bytes JMP 0000000077d50480 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf0e30 5 bytes JMP 0000000077d503a0 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf0f10 5 bytes JMP 0000000077d502f0 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf0f20 5 bytes JMP 0000000077d50350 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf0f80 5 bytes JMP 0000000077d50290 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1010 5 bytes JMP 0000000077d502b0 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1030 5 bytes JMP 0000000077d503d0 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1040 5 bytes JMP 0000000077d50330 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf10b0 5 bytes JMP 0000000077d50410 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf10e0 5 bytes JMP 0000000077d50240 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf13a0 5 bytes JMP 0000000077d501e0 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf1460 5 bytes JMP 0000000077d50250 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf1490 5 bytes JMP 0000000077d50490 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf14a0 5 bytes JMP 0000000077d504a0 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf14d0 5 bytes JMP 0000000077d50300 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf14e0 5 bytes JMP 0000000077d50360 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf1540 5 bytes JMP 0000000077d502a0 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf1590 5 bytes JMP 0000000077d502c0 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf15c0 5 bytes JMP 0000000077d50380 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf15d0 5 bytes JMP 0000000077d50340 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf18c0 5 bytes JMP 0000000077d50440 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf1ac0 5 bytes JMP 0000000077d50260 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf1ad0 5 bytes JMP 0000000077d50270 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf1ae0 5 bytes JMP 0000000077d50400 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf1ca0 5 bytes JMP 0000000077d501f0 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf1cb0 5 bytes JMP 0000000077d50210 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf1d20 5 bytes JMP 0000000077d50200 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf1d80 5 bytes JMP 0000000077d50420 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf1d90 5 bytes JMP 0000000077d50430 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf1da0 5 bytes JMP 0000000077d50220 .text C:\Windows\Explorer.EXE[1060] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf1e80 5 bytes JMP 0000000077d50280 .text C:\Windows\Explorer.EXE[1060] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deeed 1 byte [62] .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf0660 5 bytes JMP 0000000077d50460 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf06b0 5 bytes JMP 0000000077d50450 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf0810 5 bytes JMP 0000000077d50370 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf0860 5 bytes JMP 0000000077d50470 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf0870 5 bytes JMP 0000000077d503e0 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf0920 5 bytes JMP 0000000077d50320 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf0950 5 bytes JMP 0000000077d503b0 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf0970 5 bytes JMP 0000000077d50390 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf09b0 5 bytes JMP 0000000077d502e0 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf0a30 5 bytes JMP 0000000077d502d0 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf0a50 5 bytes JMP 0000000077d50310 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf0a90 5 bytes JMP 0000000077d503c0 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf0ae0 5 bytes JMP 0000000077d503f0 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf0c40 5 bytes JMP 0000000077d50230 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf0e00 5 bytes JMP 0000000077d50480 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf0e30 5 bytes JMP 0000000077d503a0 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf0f10 5 bytes JMP 0000000077d502f0 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf0f20 5 bytes JMP 0000000077d50350 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf0f80 5 bytes JMP 0000000077d50290 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1010 5 bytes JMP 0000000077d502b0 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1030 5 bytes JMP 0000000077d503d0 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1040 5 bytes JMP 0000000077d50330 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf10b0 5 bytes JMP 0000000077d50410 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf10e0 5 bytes JMP 0000000077d50240 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf13a0 5 bytes JMP 0000000077d501e0 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf1460 5 bytes JMP 0000000077d50250 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf1490 5 bytes JMP 0000000077d50490 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf14a0 5 bytes JMP 0000000077d504a0 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf14d0 5 bytes JMP 0000000077d50300 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf14e0 5 bytes JMP 0000000077d50360 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf1540 5 bytes JMP 0000000077d502a0 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf1590 5 bytes JMP 0000000077d502c0 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf15c0 5 bytes JMP 0000000077d50380 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf15d0 5 bytes JMP 0000000077d50340 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf18c0 5 bytes JMP 0000000077d50440 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf1ac0 5 bytes JMP 0000000077d50260 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf1ad0 5 bytes JMP 0000000077d50270 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf1ae0 5 bytes JMP 0000000077d50400 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf1ca0 5 bytes JMP 0000000077d501f0 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf1cb0 5 bytes JMP 0000000077d50210 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf1d20 5 bytes JMP 0000000077d50200 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf1d80 5 bytes JMP 0000000077d50420 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf1d90 5 bytes JMP 0000000077d50430 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf1da0 5 bytes JMP 0000000077d50220 .text C:\Windows\system32\taskeng.exe[3180] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf1e80 5 bytes JMP 0000000077d50280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf0660 5 bytes JMP 0000000100070460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf06b0 5 bytes JMP 0000000100070450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf0810 5 bytes JMP 0000000100070370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf0860 5 bytes JMP 0000000100070470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf0870 5 bytes JMP 00000001000703e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf0920 5 bytes JMP 0000000100070320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf0950 5 bytes JMP 00000001000703b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf0970 5 bytes JMP 0000000100070390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf09b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf0a30 5 bytes JMP 00000001000702d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf0a50 5 bytes JMP 0000000100070310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf0a90 5 bytes JMP 00000001000703c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf0ae0 5 bytes JMP 00000001000703f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf0c40 5 bytes JMP 0000000100070230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf0e00 5 bytes JMP 0000000100070480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf0e30 5 bytes JMP 00000001000703a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf0f10 5 bytes JMP 00000001000702f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf0f20 5 bytes JMP 0000000100070350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf0f80 5 bytes JMP 0000000100070290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1010 5 bytes JMP 00000001000702b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1030 5 bytes JMP 00000001000703d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1040 5 bytes JMP 0000000100070330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf10b0 5 bytes JMP 0000000100070410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf10e0 5 bytes JMP 0000000100070240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf13a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf1460 5 bytes JMP 0000000100070250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf1490 5 bytes JMP 0000000100070490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf14a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf14d0 5 bytes JMP 0000000100070300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf14e0 5 bytes JMP 0000000100070360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf1540 5 bytes JMP 00000001000702a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf1590 5 bytes JMP 00000001000702c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf15c0 5 bytes JMP 0000000100070380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf15d0 5 bytes JMP 0000000100070340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf18c0 5 bytes JMP 0000000100070440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf1ac0 5 bytes JMP 0000000100070260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf1ad0 5 bytes JMP 0000000100070270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf1ae0 5 bytes JMP 0000000100070400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf1ca0 5 bytes JMP 00000001000701f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf1cb0 5 bytes JMP 0000000100070210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf1d20 5 bytes JMP 0000000100070200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf1d80 5 bytes JMP 0000000100070420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf1d90 5 bytes JMP 0000000100070430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf1da0 5 bytes JMP 0000000100070220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf1e80 5 bytes JMP 0000000100070280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2132] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deeed 1 byte [62] .text C:\Program Files\AVAST Software\Avast\avastui.exe[3572] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075d88769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[3572] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075daa2ba 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[2276] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deeed 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4016] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000779deeed 1 byte [62] .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bf0660 5 bytes JMP 0000000077d50460 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077bf06b0 5 bytes JMP 0000000077d50450 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bf0810 5 bytes JMP 0000000077d50370 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bf0860 5 bytes JMP 0000000077d50470 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bf0870 5 bytes JMP 0000000077d503e0 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bf0920 5 bytes JMP 0000000077d50320 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077bf0950 5 bytes JMP 0000000077d503b0 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077bf0970 5 bytes JMP 0000000077d50390 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077bf09b0 5 bytes JMP 0000000077d502e0 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bf0a30 5 bytes JMP 0000000077d502d0 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bf0a50 5 bytes JMP 0000000077d50310 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bf0a90 5 bytes JMP 0000000077d503c0 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bf0ae0 5 bytes JMP 0000000077d503f0 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077bf0c40 5 bytes JMP 0000000077d50230 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bf0e00 5 bytes JMP 0000000077d50480 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077bf0e30 5 bytes JMP 0000000077d503a0 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bf0f10 5 bytes JMP 0000000077d502f0 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077bf0f20 5 bytes JMP 0000000077d50350 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bf0f80 5 bytes JMP 0000000077d50290 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bf1010 5 bytes JMP 0000000077d502b0 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bf1030 5 bytes JMP 0000000077d503d0 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077bf1040 5 bytes JMP 0000000077d50330 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077bf10b0 5 bytes JMP 0000000077d50410 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077bf10e0 5 bytes JMP 0000000077d50240 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bf13a0 5 bytes JMP 0000000077d501e0 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077bf1460 5 bytes JMP 0000000077d50250 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077bf1490 5 bytes JMP 0000000077d50490 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bf14a0 5 bytes JMP 0000000077d504a0 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077bf14d0 5 bytes JMP 0000000077d50300 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077bf14e0 5 bytes JMP 0000000077d50360 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077bf1540 5 bytes JMP 0000000077d502a0 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077bf1590 5 bytes JMP 0000000077d502c0 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bf15c0 5 bytes JMP 0000000077d50380 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077bf15d0 5 bytes JMP 0000000077d50340 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077bf18c0 5 bytes JMP 0000000077d50440 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077bf1ac0 5 bytes JMP 0000000077d50260 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077bf1ad0 5 bytes JMP 0000000077d50270 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077bf1ae0 5 bytes JMP 0000000077d50400 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bf1ca0 5 bytes JMP 0000000077d501f0 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077bf1cb0 5 bytes JMP 0000000077d50210 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bf1d20 5 bytes JMP 0000000077d50200 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077bf1d80 5 bytes JMP 0000000077d50420 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077bf1d90 5 bytes JMP 0000000077d50430 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bf1da0 5 bytes JMP 0000000077d50220 .text C:\Windows\System32\svchost.exe[4240] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077bf1e80 5 bytes JMP 0000000077d50280 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[7024] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075daa2ba 1 byte [62] .text C:\Program Files (x86)\Steam\steam.exe[10712] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075daa2ba 1 byte [62] .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[9660] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075daa2ba 1 byte [62] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[10868] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075daa2ba 1 byte [62] .text C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[7900] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075daa2ba 1 byte [62] .text D:\Instalki nowe\GM\m57g1hli.exe[10152] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075daa2ba 1 byte [62] ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExAllocatePoolWithTag] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoAcquireRemoveLockEx] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeQueryActiveProcessors] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoDeleteSymbolicLink] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExFreePoolWithTag] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoRegisterShutdownNotification] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlInitUnicodeString] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoDeleteDevice] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlAppendUnicodeToString] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeInitializeEvent] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeInitializeDpc] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeSetTimerEx] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoUnregisterShutdownNotification] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!InitSafeBootMode] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ZwClose] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoReleaseRemoveLockAndWaitEx] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoIsWdmVersionAvailable] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExDeleteResourceLite] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoCreateSymbolicLink] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlCopyUnicodeString] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoInitializeRemoveLockEx] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExInitializeResourceLite] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeInitializeTimerEx] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeCancelTimer] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmUnmapLockedPages] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmFreeContiguousMemory] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmUnmapIoSpace] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmMapIoSpace] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmFreePagesFromMdl] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExAcquireResourceExclusiveLite] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeLeaveCriticalRegion] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoReleaseRemoveLockEx] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoFreeMdl] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeEnterCriticalRegion] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExAcquireResourceSharedLite] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExReleaseResourceLite] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IofCompleteRequest] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmProbeAndLockPages] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmUnlockPages] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoAllocateMdl] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlDeleteElementGenericTableAvl] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlInsertElementGenericTableAvl] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!PsLookupProcessByProcessId] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeUnstackDetachProcess] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlIsGenericTableEmptyAvl] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlInitializeGenericTableAvl] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlEnumerateGenericTableAvl] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ObfDereferenceObject] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlLookupElementGenericTableAvl] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeStackAttachProcess] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ZwOpenFile] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!PsGetProcessWin32Process] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoFreeWorkItem] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoGetCurrentProcess] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoAllocateWorkItem] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmIsAddressValid] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoQueueWorkItem] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExUnregisterCallback] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ZwCreateKey] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeResetEvent] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!PsSetLoadImageNotifyRoutine] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeSetPriorityThread] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeSetEvent] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlCheckRegistryKey] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!PsSetCreateProcessNotifyRoutine] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmAllocatePagesForMdl] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmGetPhysicalAddress] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!PsCreateSystemThread] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ZwQueryValueKey] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!PsTerminateSystemThread] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ObReferenceObjectByHandle] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeWaitForSingleObject] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!PsRemoveLoadImageNotifyRoutine] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExRegisterCallback] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!PsThreadType] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlCompareUnicodeString] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeSetSystemAffinityThread] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeWaitForMultipleObjects] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmGetPhysicalMemoryRanges] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExCreateCallback] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmAllocateContiguousMemorySpecifyCache] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!DbgPrint] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmFreeMappingAddress] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmAllocateMappingAddress] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ProbeForRead] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ExGetPreviousMode] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!KeBugCheckEx] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!MmGetSystemRoutineAddress] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoCreateDevice] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ObOpenObjectByPointer] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ZwSetSecurityObject] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!IoDeviceObjectType] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!_snwprintf] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlLengthSecurityDescriptor] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!SeCaptureSecurityDescriptor] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlCreateSecurityDescriptor] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlSetDaclSecurityDescriptor] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlAbsoluteToSelfRelativeSD] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!SeExports] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!wcschr] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!_wcsnicmp] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlLengthSid] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlAddAccessAllowedAce] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlGetSaclSecurityDescriptor] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlGetDaclSecurityDescriptor] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlGetGroupSecurityDescriptor] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlGetOwnerSecurityDescriptor] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ZwOpenKey] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ZwSetValueKey] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!RtlFreeUnicodeString] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ZwMapViewOfSection] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ZwUnmapViewOfSection] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!ZwCreateSection] [?] IAT C:\Windows\System32\Drivers\aswVmm.sys[ntoskrnl.exe!__C_specific_handler] [?] ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ?????????????????T??????????????????? ???????????????????&?0??????????00????????? ??????????????????? ?0??????????00?????????????????????????????s??????oo??ACPI-Thermozone??3??acpi\thermalzone?4???????:?????????????????????????????????????????? NOEXECUTE=OPTIN?CUTE=OPTIN DEBUG DEBUGPORT=COM1 BAUDRATE=115200?????? ???????0?????0&2??????d?????????????????????@?????????????????????????????%systemroot%\system32\scext.dll???????"?????????????????????? ??d???????????????????????????? ???????&?????????????0????????????????????? ?????????????????????0????????????????????? ???????????????????&?0????????????????????? ?????????????????????0????????????????????? ???????????????????&?0??????????????????????????{0.0.0.00000000}.{982794ee-a968-46b9-8926-ec7f528b94fa}/00010000???????????????????????????????????$?????????????????????????????????????????\???????????????????? ??????????????????????????????????????\???????????????????? ??????????????????????????????????????\???????????????????? ????????????????????????A???-? Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{5ac9bb17-f244-4224-9bde-8a34b09415e6}@Dhcpv6MaxLeaseExpireTime 1412065490 Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{5ac9bb17-f244-4224-9bde-8a34b09415e6}@Dhcpv6LeaseObtainedTime 1412065430 ---- Files - GMER 2.1 ---- File C:\avast! sandbox 0 bytes File C:\avast! sandbox\S-1-5-21-3825525903-336485760-839643112-1000 0 bytes File C:\avast! sandbox\S-1-5-21-3825525903-336485760-839643112-1000\r44 0 bytes File C:\avast! sandbox\S-1-5-21-3825525903-336485760-839643112-1000\r44\UpdateTask.exe_{a2f52a31-415f-11e4-8f59-00248c8ab7b5} 0 bytes File C:\avast! sandbox\S-1-5-21-3825525903-336485760-839643112-1000\r44\UpdateTask.exe_{a2f52a31-415f-11e4-8f59-00248c8ab7b5}\C 0 bytes File C:\avast! sandbox\S-1-5-21-3825525903-336485760-839643112-1000\r44\UpdateTask.exe_{a2f52a31-415f-11e4-8f59-00248c8ab7b5}\C\Windows 0 bytes File C:\avast! sandbox\S-1-5-21-3825525903-336485760-839643112-1000\r44\UpdateTask.exe_{a2f52ac3-415f-11e4-8f59-00248c8ab7b5} 0 bytes File C:\avast! sandbox\S-1-5-21-3825525903-336485760-839643112-1000\r44\UpdateTask.exe_{a2f52ac3-415f-11e4-8f59-00248c8ab7b5}\C 0 bytes File C:\avast! sandbox\S-1-5-21-3825525903-336485760-839643112-1000\r44\UpdateTask.exe_{a2f52ac3-415f-11e4-8f59-00248c8ab7b5}\C\Users 0 bytes File C:\avast! sandbox\S-1-5-21-3825525903-336485760-839643112-1000\r44\UpdateTask.exe_{a2f52ac3-415f-11e4-8f59-00248c8ab7b5}\C\Users\Okurwiencze 0 bytes File C:\avast! sandbox\S-1-5-21-3825525903-336485760-839643112-1000\r44\UpdateTask.exe_{a2f52ac3-415f-11e4-8f59-00248c8ab7b5}\C\Users\Okurwiencze\AppData 0 bytes File C:\avast! sandbox\S-1-5-21-3825525903-336485760-839643112-1000\r44\UpdateTask.exe_{a2f52ac3-415f-11e4-8f59-00248c8ab7b5}\C\Users\Okurwiencze\AppData\Local 0 bytes File C:\avast! sandbox\S-1-5-21-3825525903-336485760-839643112-1000\r44\UpdateTask.exe_{a2f52ac3-415f-11e4-8f59-00248c8ab7b5}\C\Users\Okurwiencze\AppData\Local\Microsoft 0 bytes File C:\avast! sandbox\S-1-5-21-3825525903-336485760-839643112-1000\r44\UpdateTask.exe_{a2f52ac3-415f-11e4-8f59-00248c8ab7b5}\C\Users\Okurwiencze\AppData\Local\Microsoft\Windows 0 bytes File C:\avast! sandbox\S-1-5-21-3825525903-336485760-839643112-1000\r44\UpdateTask.exe_{a2f52ac3-415f-11e4-8f59-00248c8ab7b5}\C\Users\Okurwiencze\AppData\Local\Microsoft\Windows\Temporary Internet Files 0 bytes File C:\avast! sandbox\S-1-5-21-3825525903-336485760-839643112-1000\r44\UpdateTask.exe_{a2f52ac3-415f-11e4-8f59-00248c8ab7b5}\C\Users\Okurwiencze\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat 128 bytes File C:\avast! sandbox\S-1-5-21-3825525903-336485760-839643112-1000\r44\UpdateTask.exe_{a2f52b24-415f-11e4-8f59-00248c8ab7b5} 0 bytes File C:\avast! sandbox\S-1-5-21-3825525903-336485760-839643112-1000\r44\UpdateTask.exe_{a2f52b24-415f-11e4-8f59-00248c8ab7b5}\C 0 bytes File C:\avast! sandbox\S-1-5-21-3825525903-336485760-839643112-1000\r44\UpdateTask.exe_{a2f52b24-415f-11e4-8f59-00248c8ab7b5}\C\Windows 0 bytes File C:\avast! sandbox\snx_rhive 262144 bytes File C:\avast! sandbox\snx_rhive.LOG1 25600 bytes File C:\avast! sandbox\snx_rhive.LOG2 0 bytes File C:\avast! sandbox\snx_rhive{a2f52a33-415f-11e4-8f59-00248c8ab7b5}.TM.blf 65536 bytes File C:\avast! sandbox\snx_rhive{a2f52a33-415f-11e4-8f59-00248c8ab7b5}.TMContainer00000000000000000001.regtrans-ms 524288 bytes File C:\avast! sandbox\snx_rhive{a2f52a33-415f-11e4-8f59-00248c8ab7b5}.TMContainer00000000000000000002.regtrans-ms 524288 bytes File C:\Users\Okurwiencze\AppData\Local\Opera\Opera\cache\assoc002\sesn\opr00H23.000 30172 bytes File C:\Users\Okurwiencze\AppData\Local\Opera\Opera\cache\sesn\opr00H23.tmp 18212 bytes File C:\Users\Okurwiencze\AppData\Local\Opera\Opera\cache\sesn\opr00H27.tmp 40442 bytes File C:\Users\Okurwiencze\AppData\Local\Opera\Opera\cache\sesn\opr00H29.tmp 0 bytes File C:\Users\Okurwiencze\AppData\Local\Opera\Opera\cache\sesn\opr00H2A.tmp 0 bytes ---- EOF - GMER 2.1 ----