GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-01-10 11:49:37 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006a ST950032 rev.0002 465,76GB Running: igl233m6.exe; Driver: C:\Users\Joanna\AppData\Local\Temp\fxldrpow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fb7000 45 bytes [00, 10, 00, 00, 02, 00, 70, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002fb702f 16 bytes [00, 04, 00, 80, 00, 40, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077af1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077af13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077af1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077af1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077af1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077af1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077af1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077af1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077af16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077af1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077af1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077af1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077af17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077af1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077af1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077af1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077af1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077af1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077af1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077af1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077af1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077af1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077af1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077af1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077af20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077af2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077af2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077af21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077af21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077af21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077af2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077af2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077af22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077af22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077af25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077af27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077af27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077af27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077af29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077af29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077af2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077af2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077af2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077af2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\lsass.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077af2b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077af1360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077af13b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077af1510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077af1560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077af1570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077af1620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077af1650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077af1670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077af16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077af1730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077af1750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077af1790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077af17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077af1940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077af1b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077af1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077af1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077af1c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077af1c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077af1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077af1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077af1d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077af1db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077af1de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077af20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077af2160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077af2190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077af21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077af21d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077af21e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077af2240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077af2290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077af22c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077af22d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077af25c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077af27c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077af27d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077af27e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077af29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077af29b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077af2a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077af2a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077af2a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077af2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[328] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077af2b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077af1360 5 bytes JMP 0000000077c50460 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077af13b0 5 bytes JMP 0000000077c50450 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077af1510 5 bytes JMP 0000000077c50370 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077af1560 5 bytes JMP 0000000077c50470 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077af1570 5 bytes JMP 0000000077c503e0 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077af1620 5 bytes JMP 0000000077c50320 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077af1650 5 bytes JMP 0000000077c503b0 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077af1670 5 bytes JMP 0000000077c50390 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077af16b0 5 bytes JMP 0000000077c502e0 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077af1730 5 bytes JMP 0000000077c502d0 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077af1750 5 bytes JMP 0000000077c50310 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077af1790 5 bytes JMP 0000000077c503c0 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077af17e0 5 bytes JMP 0000000077c503f0 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077af1940 5 bytes JMP 0000000077c50230 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077af1b00 5 bytes JMP 0000000077c50480 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077af1b30 5 bytes JMP 0000000077c503a0 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077af1c10 5 bytes JMP 0000000077c502f0 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077af1c20 5 bytes JMP 0000000077c50350 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077af1c80 5 bytes JMP 0000000077c50290 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077af1d10 5 bytes JMP 0000000077c502b0 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077af1d30 5 bytes JMP 0000000077c503d0 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077af1d40 5 bytes JMP 0000000077c50330 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077af1db0 5 bytes JMP 0000000077c50410 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077af1de0 5 bytes JMP 0000000077c50240 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077af20a0 5 bytes JMP 0000000077c501e0 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077af2160 5 bytes JMP 0000000077c50250 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077af2190 5 bytes JMP 0000000077c50490 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077af21a0 5 bytes JMP 0000000077c504a0 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077af21d0 5 bytes JMP 0000000077c50300 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077af21e0 5 bytes JMP 0000000077c50360 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077af2240 5 bytes JMP 0000000077c502a0 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077af2290 5 bytes JMP 0000000077c502c0 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077af22c0 5 bytes JMP 0000000077c50380 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077af22d0 5 bytes JMP 0000000077c50340 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077af25c0 5 bytes JMP 0000000077c50440 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077af27c0 5 bytes JMP 0000000077c50260 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077af27d0 5 bytes JMP 0000000077c50270 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077af27e0 5 bytes JMP 0000000077c50400 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077af29a0 5 bytes JMP 0000000077c501f0 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077af29b0 5 bytes JMP 0000000077c50210 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077af2a20 5 bytes JMP 0000000077c50200 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077af2a80 5 bytes JMP 0000000077c50420 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077af2a90 5 bytes JMP 0000000077c50430 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077af2aa0 5 bytes JMP 0000000077c50220 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077af2b80 5 bytes JMP 0000000077c50280 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077af1360 5 bytes JMP 0000000077c50460 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077af13b0 5 bytes JMP 0000000077c50450 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077af1510 5 bytes JMP 0000000077c50370 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077af1560 5 bytes JMP 0000000077c50470 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077af1570 5 bytes JMP 0000000077c503e0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077af1620 5 bytes JMP 0000000077c50320 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077af1650 5 bytes JMP 0000000077c503b0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077af1670 5 bytes JMP 0000000077c50390 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077af16b0 5 bytes JMP 0000000077c502e0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077af1730 5 bytes JMP 0000000077c502d0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077af1750 5 bytes JMP 0000000077c50310 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077af1790 5 bytes JMP 0000000077c503c0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077af17e0 5 bytes JMP 0000000077c503f0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077af1940 5 bytes JMP 0000000077c50230 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077af1b00 5 bytes JMP 0000000077c50480 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077af1b30 5 bytes JMP 0000000077c503a0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077af1c10 5 bytes JMP 0000000077c502f0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077af1c20 5 bytes JMP 0000000077c50350 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077af1c80 5 bytes JMP 0000000077c50290 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077af1d10 5 bytes JMP 0000000077c502b0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077af1d30 5 bytes JMP 0000000077c503d0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077af1d40 5 bytes JMP 0000000077c50330 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077af1db0 5 bytes JMP 0000000077c50410 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077af1de0 5 bytes JMP 0000000077c50240 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077af20a0 5 bytes JMP 0000000077c501e0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077af2160 5 bytes JMP 0000000077c50250 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077af2190 5 bytes JMP 0000000077c50490 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077af21a0 5 bytes JMP 0000000077c504a0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077af21d0 5 bytes JMP 0000000077c50300 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077af21e0 5 bytes JMP 0000000077c50360 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077af2240 5 bytes JMP 0000000077c502a0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077af2290 5 bytes JMP 0000000077c502c0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077af22c0 5 bytes JMP 0000000077c50380 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077af22d0 5 bytes JMP 0000000077c50340 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077af25c0 5 bytes JMP 0000000077c50440 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077af27c0 5 bytes JMP 0000000077c50260 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077af27d0 5 bytes JMP 0000000077c50270 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077af27e0 5 bytes JMP 0000000077c50400 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077af29a0 5 bytes JMP 0000000077c501f0 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077af29b0 5 bytes JMP 0000000077c50210 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077af2a20 5 bytes JMP 0000000077c50200 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077af2a80 5 bytes JMP 0000000077c50420 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077af2a90 5 bytes JMP 0000000077c50430 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077af2aa0 5 bytes JMP 0000000077c50220 .text C:\Windows\system32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077af2b80 5 bytes JMP 0000000077c50280 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077af1360 5 bytes JMP 0000000077c50460 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077af13b0 5 bytes JMP 0000000077c50450 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077af1510 5 bytes JMP 0000000077c50370 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077af1560 5 bytes JMP 0000000077c50470 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077af1570 5 bytes JMP 0000000077c503e0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077af1620 5 bytes JMP 0000000077c50320 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077af1650 5 bytes JMP 0000000077c503b0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077af1670 5 bytes JMP 0000000077c50390 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077af16b0 5 bytes JMP 0000000077c502e0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077af1730 5 bytes JMP 0000000077c502d0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077af1750 5 bytes JMP 0000000077c50310 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077af1790 5 bytes JMP 0000000077c503c0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077af17e0 5 bytes JMP 0000000077c503f0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077af1940 5 bytes JMP 0000000077c50230 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077af1b00 5 bytes JMP 0000000077c50480 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077af1b30 5 bytes JMP 0000000077c503a0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077af1c10 5 bytes JMP 0000000077c502f0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077af1c20 5 bytes JMP 0000000077c50350 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077af1c80 5 bytes JMP 0000000077c50290 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077af1d10 5 bytes JMP 0000000077c502b0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077af1d30 5 bytes JMP 0000000077c503d0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077af1d40 5 bytes JMP 0000000077c50330 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077af1db0 5 bytes JMP 0000000077c50410 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077af1de0 5 bytes JMP 0000000077c50240 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077af20a0 5 bytes JMP 0000000077c501e0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077af2160 5 bytes JMP 0000000077c50250 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077af2190 5 bytes JMP 0000000077c50490 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077af21a0 5 bytes JMP 0000000077c504a0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077af21d0 5 bytes JMP 0000000077c50300 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077af21e0 5 bytes JMP 0000000077c50360 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077af2240 5 bytes JMP 0000000077c502a0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077af2290 5 bytes JMP 0000000077c502c0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077af22c0 5 bytes JMP 0000000077c50380 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077af22d0 5 bytes JMP 0000000077c50340 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077af25c0 5 bytes JMP 0000000077c50440 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077af27c0 5 bytes JMP 0000000077c50260 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077af27d0 5 bytes JMP 0000000077c50270 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077af27e0 5 bytes JMP 0000000077c50400 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077af29a0 5 bytes JMP 0000000077c501f0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077af29b0 5 bytes JMP 0000000077c50210 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077af2a20 5 bytes JMP 0000000077c50200 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077af2a80 5 bytes JMP 0000000077c50420 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077af2a90 5 bytes JMP 0000000077c50430 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077af2aa0 5 bytes JMP 0000000077c50220 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077af2b80 5 bytes JMP 0000000077c50280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077af1360 5 bytes JMP 0000000077c50460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077af13b0 5 bytes JMP 0000000077c50450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077af1510 5 bytes JMP 0000000077c50370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077af1560 5 bytes JMP 0000000077c50470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077af1570 5 bytes JMP 0000000077c503e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077af1620 5 bytes JMP 0000000077c50320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077af1650 5 bytes JMP 0000000077c503b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077af1670 5 bytes JMP 0000000077c50390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077af16b0 5 bytes JMP 0000000077c502e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077af1730 5 bytes JMP 0000000077c502d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077af1750 5 bytes JMP 0000000077c50310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077af1790 5 bytes JMP 0000000077c503c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077af17e0 5 bytes JMP 0000000077c503f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077af1940 5 bytes JMP 0000000077c50230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077af1b00 5 bytes JMP 0000000077c50480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077af1b30 5 bytes JMP 0000000077c503a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077af1c10 5 bytes JMP 0000000077c502f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077af1c20 5 bytes JMP 0000000077c50350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077af1c80 5 bytes JMP 0000000077c50290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077af1d10 5 bytes JMP 0000000077c502b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077af1d30 5 bytes JMP 0000000077c503d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077af1d40 5 bytes JMP 0000000077c50330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077af1db0 5 bytes JMP 0000000077c50410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077af1de0 5 bytes JMP 0000000077c50240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077af20a0 5 bytes JMP 0000000077c501e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077af2160 5 bytes JMP 0000000077c50250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077af2190 5 bytes JMP 0000000077c50490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077af21a0 5 bytes JMP 0000000077c504a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077af21d0 5 bytes JMP 0000000077c50300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077af21e0 5 bytes JMP 0000000077c50360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077af2240 5 bytes JMP 0000000077c502a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077af2290 5 bytes JMP 0000000077c502c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077af22c0 5 bytes JMP 0000000077c50380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077af22d0 5 bytes JMP 0000000077c50340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077af25c0 5 bytes JMP 0000000077c50440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077af27c0 5 bytes JMP 0000000077c50260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077af27d0 5 bytes JMP 0000000077c50270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077af27e0 5 bytes JMP 0000000077c50400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077af29a0 5 bytes JMP 0000000077c501f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077af29b0 5 bytes JMP 0000000077c50210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077af2a20 5 bytes JMP 0000000077c50200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077af2a80 5 bytes JMP 0000000077c50420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077af2a90 5 bytes JMP 0000000077c50430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077af2aa0 5 bytes JMP 0000000077c50220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077af2b80 5 bytes JMP 0000000077c50280 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077af1360 5 bytes JMP 0000000077c50460 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077af13b0 5 bytes JMP 0000000077c50450 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077af1510 5 bytes JMP 0000000077c50370 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077af1560 5 bytes JMP 0000000077c50470 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077af1570 5 bytes JMP 0000000077c503e0 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077af1620 5 bytes JMP 0000000077c50320 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077af1650 5 bytes JMP 0000000077c503b0 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077af1670 5 bytes JMP 0000000077c50390 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077af16b0 5 bytes JMP 0000000077c502e0 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077af1730 5 bytes JMP 0000000077c502d0 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077af1750 5 bytes JMP 0000000077c50310 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077af1790 5 bytes JMP 0000000077c503c0 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077af17e0 5 bytes JMP 0000000077c503f0 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077af1940 5 bytes JMP 0000000077c50230 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077af1b00 5 bytes JMP 0000000077c50480 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077af1b30 5 bytes JMP 0000000077c503a0 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077af1c10 5 bytes JMP 0000000077c502f0 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077af1c20 5 bytes JMP 0000000077c50350 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077af1c80 5 bytes JMP 0000000077c50290 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077af1d10 5 bytes JMP 0000000077c502b0 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077af1d30 5 bytes JMP 0000000077c503d0 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077af1d40 5 bytes JMP 0000000077c50330 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077af1db0 5 bytes JMP 0000000077c50410 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077af1de0 5 bytes JMP 0000000077c50240 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077af20a0 5 bytes JMP 0000000077c501e0 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077af2160 5 bytes JMP 0000000077c50250 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077af2190 5 bytes JMP 0000000077c50490 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077af21a0 5 bytes JMP 0000000077c504a0 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077af21d0 5 bytes JMP 0000000077c50300 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077af21e0 5 bytes JMP 0000000077c50360 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077af2240 5 bytes JMP 0000000077c502a0 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077af2290 5 bytes JMP 0000000077c502c0 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077af22c0 5 bytes JMP 0000000077c50380 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077af22d0 5 bytes JMP 0000000077c50340 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077af25c0 5 bytes JMP 0000000077c50440 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077af27c0 5 bytes JMP 0000000077c50260 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077af27d0 5 bytes JMP 0000000077c50270 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077af27e0 5 bytes JMP 0000000077c50400 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077af29a0 5 bytes JMP 0000000077c501f0 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077af29b0 5 bytes JMP 0000000077c50210 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077af2a20 5 bytes JMP 0000000077c50200 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077af2a80 5 bytes JMP 0000000077c50420 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077af2a90 5 bytes JMP 0000000077c50430 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077af2aa0 5 bytes JMP 0000000077c50220 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077af2b80 5 bytes JMP 0000000077c50280 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077af1360 5 bytes JMP 0000000077c50460 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077af13b0 5 bytes JMP 0000000077c50450 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077af1510 5 bytes JMP 0000000077c50370 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077af1560 5 bytes JMP 0000000077c50470 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077af1570 5 bytes JMP 0000000077c503e0 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077af1620 5 bytes JMP 0000000077c50320 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077af1650 5 bytes JMP 0000000077c503b0 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077af1670 5 bytes JMP 0000000077c50390 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077af16b0 5 bytes JMP 0000000077c502e0 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077af1730 5 bytes JMP 0000000077c502d0 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077af1750 5 bytes JMP 0000000077c50310 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077af1790 5 bytes JMP 0000000077c503c0 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077af17e0 5 bytes JMP 0000000077c503f0 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077af1940 5 bytes JMP 0000000077c50230 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077af1b00 5 bytes JMP 0000000077c50480 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077af1b30 5 bytes JMP 0000000077c503a0 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077af1c10 5 bytes JMP 0000000077c502f0 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077af1c20 5 bytes JMP 0000000077c50350 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077af1c80 5 bytes JMP 0000000077c50290 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077af1d10 5 bytes JMP 0000000077c502b0 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077af1d30 5 bytes JMP 0000000077c503d0 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077af1d40 5 bytes JMP 0000000077c50330 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077af1db0 5 bytes JMP 0000000077c50410 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077af1de0 5 bytes JMP 0000000077c50240 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077af20a0 5 bytes JMP 0000000077c501e0 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077af2160 5 bytes JMP 0000000077c50250 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077af2190 5 bytes JMP 0000000077c50490 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077af21a0 5 bytes JMP 0000000077c504a0 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077af21d0 5 bytes JMP 0000000077c50300 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077af21e0 5 bytes JMP 0000000077c50360 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077af2240 5 bytes JMP 0000000077c502a0 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077af2290 5 bytes JMP 0000000077c502c0 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077af22c0 5 bytes JMP 0000000077c50380 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077af22d0 5 bytes JMP 0000000077c50340 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077af25c0 5 bytes JMP 0000000077c50440 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077af27c0 5 bytes JMP 0000000077c50260 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077af27d0 5 bytes JMP 0000000077c50270 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077af27e0 5 bytes JMP 0000000077c50400 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077af29a0 5 bytes JMP 0000000077c501f0 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077af29b0 5 bytes JMP 0000000077c50210 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077af2a20 5 bytes JMP 0000000077c50200 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077af2a80 5 bytes JMP 0000000077c50420 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077af2a90 5 bytes JMP 0000000077c50430 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077af2aa0 5 bytes JMP 0000000077c50220 .text C:\Windows\Explorer.EXE[3492] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077af2b80 5 bytes JMP 0000000077c50280 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075741465 2 bytes [74, 75] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757414bb 2 bytes [74, 75] .text ... * 2 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077af1360 5 bytes JMP 0000000077c50460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077af13b0 5 bytes JMP 0000000077c50450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077af1510 5 bytes JMP 0000000077c50370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077af1560 5 bytes JMP 0000000077c50470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077af1570 5 bytes JMP 0000000077c503e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077af1620 5 bytes JMP 0000000077c50320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077af1650 5 bytes JMP 0000000077c503b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077af1670 5 bytes JMP 0000000077c50390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077af16b0 5 bytes JMP 0000000077c502e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077af1730 5 bytes JMP 0000000077c502d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077af1750 5 bytes JMP 0000000077c50310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077af1790 5 bytes JMP 0000000077c503c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077af17e0 5 bytes JMP 0000000077c503f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077af1940 5 bytes JMP 0000000077c50230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077af1b00 5 bytes JMP 0000000077c50480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077af1b30 5 bytes JMP 0000000077c503a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077af1c10 5 bytes JMP 0000000077c502f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077af1c20 5 bytes JMP 0000000077c50350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077af1c80 5 bytes JMP 0000000077c50290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077af1d10 5 bytes JMP 0000000077c502b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077af1d30 5 bytes JMP 0000000077c503d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077af1d40 5 bytes JMP 0000000077c50330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077af1db0 5 bytes JMP 0000000077c50410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077af1de0 5 bytes JMP 0000000077c50240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077af20a0 5 bytes JMP 0000000077c501e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077af2160 5 bytes JMP 0000000077c50250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077af2190 5 bytes JMP 0000000077c50490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077af21a0 5 bytes JMP 0000000077c504a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077af21d0 5 bytes JMP 0000000077c50300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077af21e0 5 bytes JMP 0000000077c50360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077af2240 5 bytes JMP 0000000077c502a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077af2290 5 bytes JMP 0000000077c502c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077af22c0 5 bytes JMP 0000000077c50380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077af22d0 5 bytes JMP 0000000077c50340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077af25c0 5 bytes JMP 0000000077c50440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077af27c0 5 bytes JMP 0000000077c50260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077af27d0 5 bytes JMP 0000000077c50270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077af27e0 5 bytes JMP 0000000077c50400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077af29a0 5 bytes JMP 0000000077c501f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077af29b0 5 bytes JMP 0000000077c50210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077af2a20 5 bytes JMP 0000000077c50200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077af2a80 5 bytes JMP 0000000077c50420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077af2a90 5 bytes JMP 0000000077c50430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077af2aa0 5 bytes JMP 0000000077c50220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077af2b80 5 bytes JMP 0000000077c50280 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077af1360 5 bytes JMP 0000000077c50460 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077af13b0 5 bytes JMP 0000000077c50450 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077af1510 5 bytes JMP 0000000077c50370 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077af1560 5 bytes JMP 0000000077c50470 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077af1570 5 bytes JMP 0000000077c503e0 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077af1620 5 bytes JMP 0000000077c50320 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077af1650 5 bytes JMP 0000000077c503b0 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077af1670 5 bytes JMP 0000000077c50390 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077af16b0 5 bytes JMP 0000000077c502e0 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077af1730 5 bytes JMP 0000000077c502d0 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077af1750 5 bytes JMP 0000000077c50310 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077af1790 5 bytes JMP 0000000077c503c0 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077af17e0 5 bytes JMP 0000000077c503f0 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077af1940 5 bytes JMP 0000000077c50230 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077af1b00 5 bytes JMP 0000000077c50480 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077af1b30 5 bytes JMP 0000000077c503a0 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077af1c10 5 bytes JMP 0000000077c502f0 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077af1c20 5 bytes JMP 0000000077c50350 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077af1c80 5 bytes JMP 0000000077c50290 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077af1d10 5 bytes JMP 0000000077c502b0 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077af1d30 5 bytes JMP 0000000077c503d0 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077af1d40 5 bytes JMP 0000000077c50330 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077af1db0 5 bytes JMP 0000000077c50410 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077af1de0 5 bytes JMP 0000000077c50240 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077af20a0 5 bytes JMP 0000000077c501e0 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077af2160 5 bytes JMP 0000000077c50250 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077af2190 5 bytes JMP 0000000077c50490 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077af21a0 5 bytes JMP 0000000077c504a0 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077af21d0 5 bytes JMP 0000000077c50300 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077af21e0 5 bytes JMP 0000000077c50360 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077af2240 5 bytes JMP 0000000077c502a0 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077af2290 5 bytes JMP 0000000077c502c0 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077af22c0 5 bytes JMP 0000000077c50380 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077af22d0 5 bytes JMP 0000000077c50340 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077af25c0 5 bytes JMP 0000000077c50440 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077af27c0 5 bytes JMP 0000000077c50260 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077af27d0 5 bytes JMP 0000000077c50270 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077af27e0 5 bytes JMP 0000000077c50400 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077af29a0 5 bytes JMP 0000000077c501f0 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077af29b0 5 bytes JMP 0000000077c50210 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077af2a20 5 bytes JMP 0000000077c50200 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077af2a80 5 bytes JMP 0000000077c50420 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077af2a90 5 bytes JMP 0000000077c50430 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077af2aa0 5 bytes JMP 0000000077c50220 .text C:\Windows\system32\SearchIndexer.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077af2b80 5 bytes JMP 0000000077c50280 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077af1360 5 bytes JMP 0000000100070460 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077af13b0 5 bytes JMP 0000000100070450 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077af1510 5 bytes JMP 0000000100070370 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077af1560 5 bytes JMP 0000000100070470 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077af1570 5 bytes JMP 00000001000703e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077af1620 5 bytes JMP 0000000100070320 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077af1650 5 bytes JMP 00000001000703b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077af1670 5 bytes JMP 0000000100070390 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077af16b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077af1730 5 bytes JMP 00000001000702d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077af1750 5 bytes JMP 0000000100070310 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077af1790 5 bytes JMP 00000001000703c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077af17e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077af1940 5 bytes JMP 0000000100070230 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077af1b00 5 bytes JMP 0000000100070480 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077af1b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077af1c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077af1c20 5 bytes JMP 0000000100070350 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077af1c80 5 bytes JMP 0000000100070290 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077af1d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077af1d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077af1d40 5 bytes JMP 0000000100070330 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077af1db0 5 bytes JMP 0000000100070410 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077af1de0 5 bytes JMP 0000000100070240 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077af20a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077af2160 5 bytes JMP 0000000100070250 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077af2190 5 bytes JMP 0000000100070490 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077af21a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077af21d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077af21e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077af2240 5 bytes JMP 00000001000702a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077af2290 5 bytes JMP 00000001000702c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077af22c0 5 bytes JMP 0000000100070380 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077af22d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077af25c0 5 bytes JMP 0000000100070440 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077af27c0 5 bytes JMP 0000000100070260 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077af27d0 5 bytes JMP 0000000100070270 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077af27e0 5 bytes JMP 0000000100070400 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077af29a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077af29b0 5 bytes JMP 0000000100070210 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077af2a20 5 bytes JMP 0000000100070200 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077af2a80 5 bytes JMP 0000000100070420 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077af2a90 5 bytes JMP 0000000100070430 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077af2aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\Windows Sidebar\sidebar.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077af2b80 5 bytes JMP 0000000100070280 .text C:\Program Files\AVAST Software\Avast\avastui.exe[4476] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000766c8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ac3b10 6 bytes {NOP ; JMP 0xffffffff8879cc4c} .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077ac7ac0 6 bytes {NOP ; JMP 0xffffffff887988e4} .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077af1360 5 bytes JMP 0000000077c50460 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077af13b0 5 bytes JMP 0000000077c50450 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077af1510 5 bytes JMP 0000000077c50370 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077af1560 5 bytes JMP 0000000077c50470 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077af1570 5 bytes JMP 0000000077c503e0 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077af1620 5 bytes JMP 0000000077c50320 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077af1650 5 bytes JMP 0000000077c503b0 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077af1670 5 bytes JMP 0000000077c50390 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077af16b0 5 bytes JMP 0000000077c502e0 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077af1730 5 bytes JMP 0000000077c502d0 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077af1750 5 bytes JMP 0000000077c50310 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077af1790 5 bytes JMP 0000000077c503c0 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077af17e0 5 bytes JMP 0000000077c503f0 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077af1940 5 bytes JMP 0000000077c50230 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077af1b00 5 bytes JMP 0000000077c50480 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077af1b30 5 bytes JMP 0000000077c503a0 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077af1c10 5 bytes JMP 0000000077c502f0 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077af1c20 5 bytes JMP 0000000077c50350 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077af1c80 5 bytes JMP 0000000077c50290 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077af1d10 5 bytes JMP 0000000077c502b0 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077af1d30 5 bytes JMP 0000000077c503d0 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077af1d40 5 bytes JMP 0000000077c50330 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077af1db0 5 bytes JMP 0000000077c50410 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077af1de0 5 bytes JMP 0000000077c50240 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077af20a0 5 bytes JMP 0000000077c501e0 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077af2160 5 bytes JMP 0000000077c50250 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077af2190 5 bytes JMP 0000000077c50490 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077af21a0 5 bytes JMP 0000000077c504a0 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077af21d0 5 bytes JMP 0000000077c50300 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077af21e0 5 bytes JMP 0000000077c50360 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077af2240 5 bytes JMP 0000000077c502a0 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077af2290 5 bytes JMP 0000000077c502c0 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077af22c0 5 bytes JMP 0000000077c50380 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077af22d0 5 bytes JMP 0000000077c50340 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077af25c0 5 bytes JMP 0000000077c50440 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077af27c0 5 bytes JMP 0000000077c50260 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077af27d0 5 bytes JMP 0000000077c50270 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077af27e0 5 bytes JMP 0000000077c50400 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077af29a0 5 bytes JMP 0000000077c501f0 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077af29b0 5 bytes JMP 0000000077c50210 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077af2a20 5 bytes JMP 0000000077c50200 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077af2a80 5 bytes JMP 0000000077c50420 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077af2a90 5 bytes JMP 0000000077c50430 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077af2aa0 5 bytes JMP 0000000077c50220 .text C:\Program Files\Internet Explorer\iexplore.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077af2b80 5 bytes JMP 0000000077c50280 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4816] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077cbc4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4816] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077cc1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4816] C:\Windows\syswow64\WS2_32.dll!WSAIoctl 0000000076dc2fe7 5 bytes JMP 000000016f111630 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4816] C:\Windows\syswow64\WS2_32.dll!connect 0000000076dc6bdd 5 bytes JMP 000000016f111550 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077af1360 5 bytes JMP 0000000077c50460 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077af13b0 5 bytes JMP 0000000077c50450 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077af1510 5 bytes JMP 0000000077c50370 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077af1560 5 bytes JMP 0000000077c50470 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077af1570 5 bytes JMP 0000000077c503e0 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077af1620 5 bytes JMP 0000000077c50320 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077af1650 5 bytes JMP 0000000077c503b0 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077af1670 5 bytes JMP 0000000077c50390 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077af16b0 5 bytes JMP 0000000077c502e0 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077af1730 5 bytes JMP 0000000077c502d0 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077af1750 5 bytes JMP 0000000077c50310 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077af1790 5 bytes JMP 0000000077c503c0 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077af17e0 5 bytes JMP 0000000077c503f0 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077af1940 5 bytes JMP 0000000077c50230 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077af1b00 5 bytes JMP 0000000077c50480 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077af1b30 5 bytes JMP 0000000077c503a0 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077af1c10 5 bytes JMP 0000000077c502f0 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077af1c20 5 bytes JMP 0000000077c50350 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077af1c80 5 bytes JMP 0000000077c50290 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077af1d10 5 bytes JMP 0000000077c502b0 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077af1d30 5 bytes JMP 0000000077c503d0 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077af1d40 5 bytes JMP 0000000077c50330 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077af1db0 5 bytes JMP 0000000077c50410 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077af1de0 5 bytes JMP 0000000077c50240 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077af20a0 5 bytes JMP 0000000077c501e0 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077af2160 5 bytes JMP 0000000077c50250 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077af2190 5 bytes JMP 0000000077c50490 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077af21a0 5 bytes JMP 0000000077c504a0 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077af21d0 5 bytes JMP 0000000077c50300 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077af21e0 5 bytes JMP 0000000077c50360 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077af2240 5 bytes JMP 0000000077c502a0 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077af2290 5 bytes JMP 0000000077c502c0 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077af22c0 5 bytes JMP 0000000077c50380 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077af22d0 5 bytes JMP 0000000077c50340 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077af25c0 5 bytes JMP 0000000077c50440 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077af27c0 5 bytes JMP 0000000077c50260 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077af27d0 5 bytes JMP 0000000077c50270 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077af27e0 5 bytes JMP 0000000077c50400 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077af29a0 5 bytes JMP 0000000077c501f0 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077af29b0 5 bytes JMP 0000000077c50210 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077af2a20 5 bytes JMP 0000000077c50200 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077af2a80 5 bytes JMP 0000000077c50420 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077af2a90 5 bytes JMP 0000000077c50430 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077af2aa0 5 bytes JMP 0000000077c50220 .text C:\Windows\system32\AUDIODG.EXE[5736] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077af2b80 5 bytes JMP 0000000077c50280 ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\svchost.exe [864:3620] 000007fefca04af4 Thread C:\Windows\System32\svchost.exe [428:1472] 000007fef90b59a0 Thread C:\Windows\System32\svchost.exe [428:1616] 000007fefd251a70 Thread C:\Windows\System32\svchost.exe [428:3916] 000007fef7bd44e0 Thread C:\Windows\System32\svchost.exe [428:4892] 000007fef7ee88f8 Thread C:\Windows\system32\svchost.exe [1372:1200] 000007fef7b783d8 Thread C:\Windows\system32\svchost.exe [1372:1172] 000007fef7b783d8 Thread C:\Windows\system32\svchost.exe [1372:2464] 000007fef6a53f1c Thread C:\Windows\system32\svchost.exe [1372:2468] 000007fef6a21a38 Thread C:\Windows\system32\svchost.exe [1372:2472] 000007fef6a15388 Thread C:\Windows\system32\svchost.exe [1372:2476] 000007fef69f7738 Thread C:\Windows\system32\svchost.exe [1372:2480] 000007fef69e1f90 Thread C:\Windows\System32\spoolsv.exe [1740:3508] 000007fef45210c8 Thread C:\Windows\System32\spoolsv.exe [1740:3532] 000007fef4486144 Thread C:\Windows\System32\spoolsv.exe [1740:3536] 000007fef50e5fd0 Thread C:\Windows\System32\spoolsv.exe [1740:3540] 000007fef50d3438 Thread C:\Windows\System32\spoolsv.exe [1740:3544] 000007fef50e63ec Thread C:\Windows\System32\spoolsv.exe [1740:3564] 000007fef4845e5c Thread C:\Windows\System32\spoolsv.exe [1740:3584] 000007fef48a5074 Thread C:\Windows\system32\taskhost.exe [3164:3360] 000007fef4a61f38 Thread C:\Windows\system32\taskhost.exe [3164:3528] 000007fefb8b1010 Thread C:\Windows\system32\taskhost.exe [3164:3776] 000007fef7535170 Thread C:\Windows\system32\svchost.exe [3320:3436] 000007fef4998470 Thread C:\Windows\system32\svchost.exe [3320:3440] 000007fef49a2418 Thread C:\Windows\system32\Dwm.exe [3328:3996] 000007fef46ef0d8 Thread C:\Windows\system32\Dwm.exe [3328:4012] 000007fef891abf0 Thread C:\Windows\Explorer.EXE [3492:3288] 000007fefbb46204 Thread C:\Windows\Explorer.EXE [3492:1072] 000007fef87d2154 Thread C:\Windows\Explorer.EXE [3492:3944] 000007feecae2f9c Thread C:\Windows\Explorer.EXE [3492:200] 000007feeb102118 Thread C:\Windows\Explorer.EXE [3492:5904] 000007fefb8b1010 Thread C:\Windows\Explorer.EXE [3492:4924] 000007fefb8ba850 Thread C:\Program Files\Microsoft Security Client\msseces.exe [672:1448] 000007fefbda2bf8 Thread C:\Program Files\Internet Explorer\iexplore.exe [4108:5984] 000007fef1effe98 Thread C:\Program Files\Internet Explorer\iexplore.exe [4108:1048] 000007fef20400bc ---- Files - GMER 2.1 ---- File C:\ADSM_PData_0150 0 bytes File C:\ADSM_PData_0150\DB 0 bytes File C:\ADSM_PData_0150\DB\SI.db 624 bytes File C:\ADSM_PData_0150\DB\UL.db 16 bytes File C:\ADSM_PData_0150\DB\VL.db 16 bytes File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable File C:\ADSM_PData_0150\_avt 512 bytes File C:\Ubisoft\Silent Hunter 5\MODS\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\documentation\files_from_other_mods_used\mods for SH3\ACM-GUI Reloaded - h.sie's Edition V1.15 - h.sie\data\Menu 0 bytes File C:\Ubisoft\Silent Hunter 5\MODS\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\documentation\files_from_other_mods_used\mods for SH3\ACM-GUI Reloaded - h.sie's Edition V1.15 - h.sie\data\Menu\MouseCurs 0 bytes File C:\Ubisoft\Silent Hunter 5\MODS\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\documentation\files_from_other_mods_used\mods for SH3\ACM-GUI Reloaded - h.sie's Edition V1.15 - h.sie\data\Menu\MouseCurs\Line.tga 262188 bytes File C:\Ubisoft\Silent Hunter 5\MODS\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\documentation\files_from_other_mods_used\mods for SH3\ACM-GUI Reloaded - h.sie's Edition V1.15 - h.sie\documentation\Readme.txt 13104 bytes File C:\Ubisoft\Silent Hunter 5\MODS\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\documentation\files_from_other_mods_used\mods for SH3\ImprovedMalloy'sRuler - makman94\data\Menu\MouseCurs\Line.tga 691065 bytes File C:\Ubisoft\Silent Hunter 5\MODS\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\documentation\files_from_other_mods_used\mods for SH3\SH4 Maptools for SH3-Stock - latemail\data\menu\MouseCurs\LineExt.tga 262162 bytes File C:\Ubisoft\Silent Hunter 5\MODS\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\documentation\files_from_other_mods_used\mods for SH3\SH4 Maptools for SH3-Stock - latemail\data\menu\MouseCurs\ProtractorExt.tga 262162 bytes File C:\Ubisoft\Silent Hunter 5\MODS\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\documentation\files_from_other_mods_used\mods for SH3\SH4 Maptools for SH3-Stock - latemail\data\menu\MouseCurs\SquareExt.tga 262162 bytes File C:\Ubisoft\Silent Hunter 5\MODS\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\documentation\files_from_other_mods_used\mods for SH3\The MaGui mod (version 3.4) - makman94\MaGui 3.4\data\Menu 0 bytes File C:\Ubisoft\Silent Hunter 5\MODS\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\documentation\files_from_other_mods_used\mods for SH3\The MaGui mod (version 3.4) - makman94\MaGui 3.4\data\Menu\MouseCurs 0 bytes File C:\Ubisoft\Silent Hunter 5\MODS\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\documentation\files_from_other_mods_used\mods for SH3\The MaGui mod (version 3.4) - makman94\MaGui 3.4\data\Menu\MouseCurs\Compass.tga 34208 bytes File C:\Ubisoft\Silent Hunter 5\MODS\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\documentation\files_from_other_mods_used\mods for SH3\The MaGui mod (version 3.4) - makman94\MaGui 3.4\data\Menu\MouseCurs\Pencil.tga 904 bytes File C:\Ubisoft\Silent Hunter 5\MODS\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\documentation\files_from_other_mods_used\mods for SH5\HiDef Realistic Interface V2.0 - reaper7\data\Menu\MouseCurs\Compass.dds 5588 bytes File C:\Ubisoft\Silent Hunter 5\MODS\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\documentation\files_from_other_mods_used\mods for SH5\HiDef Realistic Interface V2.0 - reaper7\data\Menu\MouseCurs\Eraser.dds 5588 bytes File C:\Ubisoft\Silent Hunter 5\MODS\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\documentation\files_from_other_mods_used\mods for SH5\HiDef Realistic Interface V2.0 - reaper7\data\Menu\MouseCurs\Line.dds 5588 bytes File C:\Ubisoft\Silent Hunter 5\MODS\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\documentation\files_from_other_mods_used\mods for SH5\HiDef Realistic Interface V2.0 - reaper7\data\Menu\MouseCurs\Pencil.dds 5588 bytes File C:\Ubisoft\Silent Hunter 5\MODS\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\documentation\files_from_other_mods_used\mods for SH5\HiDef Realistic Interface V2.0 - reaper7\data\Menu\MouseCurs\Protractor.dds 5588 bytes File C:\Ubisoft\Silent Hunter 5\MODS\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\documentation\files_from_other_mods_used\mods for SH5\HiDef Realistic Interface V2.0 - reaper7\data\Menu\MouseCurs\Square.dds 5588 bytes File C:\Ubisoft\Silent Hunter 5\MODS\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\documentation\files_from_other_mods_used\mods for SH5\NewUIs_TDC_4_3_1_ByTheDarkWraith - TheDarkWraith\data\Menu 0 bytes File C:\Ubisoft\Silent Hunter 5\MODS\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\documentation\files_from_other_mods_used\mods for SH5\NewUIs_TDC_4_3_1_ByTheDarkWraith - TheDarkWraith\data\Menu\Gui 0 bytes File C:\Ubisoft\Silent Hunter 5\MODS\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\documentation\files_from_other_mods_used\mods for SH5\NewUIs_TDC_4_3_1_ByTheDarkWraith - TheDarkWraith\data\Menu\Gui\NavMapDraggableCompassOuterRing.dds 202208 bytes File C:\Ubisoft\Silent Hunter 5\MODS\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\EQuaTool - Elite Quality Map Tools for SH5 v. 01.01 by AvM\documentation\files_from_other_mods_used\mods for SH5\NewUIs_TDC_4_3_1_ByTheDarkWraith - TheDarkWraith\Documentation\NewUIs_TDC_4_3_1_TheDarkWraith.txt 96779 bytes File C:\Ubisoft\Silent Hunter 5\MODS\NewUIs_TDC_7_5_0_TheDarkWraith_Test_Version5\NewUIs_TDC_7_5_0_ByTheDarkWraith\MODS\NewUIs_TDC_7_5_0_ByTheDarkWraith\data\Applications\Generic Patcher\MODS\AI_Crew_Damage_Control_Revised_Zones_cfg_Based_On_FX_Update_By_TheDarkWraith\data 0 bytes File C:\Ubisoft\Silent Hunter 5\MODS\NewUIs_TDC_7_5_0_TheDarkWraith_Test_Version5\NewUIs_TDC_7_5_0_ByTheDarkWraith\MODS\NewUIs_TDC_7_5_0_ByTheDarkWraith\data\Applications\Generic Patcher\MODS\AI_Crew_Damage_Control_Revised_Zones_cfg_Based_On_FX_Update_By_TheDarkWraith\data\Zones.cfg 55708 bytes File C:\Ubisoft\Silent Hunter 5\MODS\NewUIs_TDC_7_5_0_TheDarkWraith_Test_Version5\NewUIs_TDC_7_5_0_ByTheDarkWraith\MODS\NewUIs_TDC_7_5_0_ByTheDarkWraith\data\Applications\Generic Patcher\MODS\AI_Crew_Damage_Control_Testing\data\SingleMissions\AICrewDamageControl\AICrewDamageControl.misge 2294 bytes File C:\Ubisoft\Silent Hunter 5\MODS\NewUIs_TDC_7_5_0_TheDarkWraith_Test_Version5\NewUIs_TDC_7_5_0_ByTheDarkWraith\MODS\NewUIs_TDC_7_5_0_ByTheDarkWraith\data\Applications\Generic Patcher\MODS\AI_Crew_Damage_Control_Testing\data\SingleMissions\AICrewDamageControl\AICrewDamageControl.tsr 115 bytes File C:\Ubisoft\Silent Hunter 5\MODS\NewUIs_TDC_7_5_0_TheDarkWraith_Test_Version5\NewUIs_TDC_7_5_0_ByTheDarkWraith\MODS\NewUIs_TDC_7_5_0_ByTheDarkWraith\data\Applications\Generic Patcher\MODS\AI_Crew_Damage_Control_Testing_Increased_Flooding_Via_Zones_cfg_file\data\Sea 0 bytes File C:\Ubisoft\Silent Hunter 5\MODS\NewUIs_TDC_7_5_0_TheDarkWraith_Test_Version5\NewUIs_TDC_7_5_0_ByTheDarkWraith\MODS\NewUIs_TDC_7_5_0_ByTheDarkWraith\data\Applications\Generic Patcher\MODS\AI_Crew_Damage_Control_Testing_Increased_Flooding_Via_Zones_cfg_file\data\Sea\NLL 0 bytes File C:\Ubisoft\Silent Hunter 5\MODS\NewUIs_TDC_7_5_0_TheDarkWraith_Test_Version5\NewUIs_TDC_7_5_0_ByTheDarkWraith\MODS\NewUIs_TDC_7_5_0_ByTheDarkWraith\data\Applications\Generic Patcher\MODS\AI_Crew_Damage_Control_Testing_Increased_Flooding_Via_Zones_cfg_file\data\Sea\NLL\NLL.cfg 402 bytes File C:\Ubisoft\Silent Hunter 5\MODS\NewUIs_TDC_7_5_0_TheDarkWraith_Test_Version5\NewUIs_TDC_7_5_0_ByTheDarkWraith\MODS\NewUIs_TDC_7_5_0_ByTheDarkWraith\data\Applications\Generic Patcher\MODS\AI_Crew_Damage_Control_Testing_Increased_Flooding_Via_Zones_cfg_file\data\Sea\NLL\NLL.eqp 3088 bytes File C:\Ubisoft\Silent Hunter 5\MODS\NewUIs_TDC_7_5_0_TheDarkWraith_Test_Version5\NewUIs_TDC_7_5_0_ByTheDarkWraith\MODS\NewUIs_TDC_7_5_0_ByTheDarkWraith\data\Applications\Generic Patcher\MODS\AI_Crew_Damage_Control_Testing_Increased_Flooding_Via_Zones_cfg_file\data\Sea\NLL\NLL.sns 491 bytes File C:\Ubisoft\Silent Hunter 5\MODS\NewUIs_TDC_7_5_0_TheDarkWraith_Test_Version5\NewUIs_TDC_7_5_0_ByTheDarkWraith\MODS\NewUIs_TDC_7_5_0_ByTheDarkWraith\data\Applications\Generic Patcher\MODS\AI_Crew_Damage_Control_Testing_Increased_Flooding_Via_Zones_cfg_file\data\SingleMissions 0 bytes File C:\Ubisoft\Silent Hunter 5\MODS\NewUIs_TDC_7_5_0_TheDarkWraith_Test_Version5\NewUIs_TDC_7_5_0_ByTheDarkWraith\MODS\NewUIs_TDC_7_5_0_ByTheDarkWraith\data\Applications\Generic Patcher\MODS\AI_Crew_Damage_Control_Testing_Increased_Flooding_Via_Zones_cfg_file\data\Zones.cfg 53800 bytes ---- EOF - GMER 2.1 ----