GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-07-17 22:40:31 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932042 rev.0003 298,09GB Running: cyr89z04.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\fxtdapoc.sys ---- System - GMER 2.2 ---- SSDT 89AE0320 ZwAlertResumeThread SSDT 89AE03B8 ZwAlertThread SSDT 89AD2E60 ZwAllocateVirtualMemory SSDT 898CA2E8 ZwAlpcConnectPort SSDT 89AE2230 ZwAssignProcessToJobObject SSDT 89AE0148 ZwCreateMutant SSDT 89AE3008 ZwCreateSymbolicLinkObject SSDT 89ADC4E8 ZwCreateThread SSDT 89AE20D0 ZwCreateThreadEx SSDT 89AE22C8 ZwDebugActiveProcess SSDT 89AD2F80 ZwDuplicateObject SSDT 89ADC1F8 ZwFreeVirtualMemory SSDT 89AE01F0 ZwImpersonateAnonymousToken SSDT 89AE0288 ZwImpersonateThread SSDT 89948600 ZwLoadDriver SSDT 89ADC140 ZwMapViewOfSection SSDT 89AE00B0 ZwOpenEvent SSDT 89AD3480 ZwOpenProcess SSDT 89AD2F08 ZwOpenProcessToken SSDT 89AE2418 ZwOpenSection SSDT 89AD33F8 ZwOpenThread SSDT 89AE2188 ZwProtectVirtualMemory SSDT 89AE3450 ZwQueueApcThread SSDT 89AE33A8 ZwQueueApcThreadEx SSDT 89AE3300 ZwReadVirtualMemory SSDT 89AD3050 ZwResumeThread SSDT 89AD3218 ZwSetContextThread SSDT 89AD3008 ZwSetInformationProcess SSDT 89AE2360 ZwSetSystemInformation SSDT 89AE2008 ZwSuspendProcess SSDT 89AD30E8 ZwSuspendThread SSDT 870D5D28 ZwTerminateProcess SSDT 89AD3180 ZwTerminateThread SSDT 89ADC0A8 ZwUnmapViewOfSection SSDT 89AD2D98 ZwWriteVirtualMemory ---- Kernel code sections - GMER 2.2 ---- .text ntkrnlpa.exe!ZwRenameKey + 1579 83A5AF15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83A95232 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10DB 83A9C630 8 Bytes [20, 03, AE, 89, B8, 03, AE, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 83A9C648 4 Bytes [60, 2E, AD, 89] .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 83A9C654 4 Bytes CALL E23352FB .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 83A9C6A8 4 Bytes [30, 22, AE, 89] .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 83A9C724 4 Bytes [48, 01, AE, 89] .text ... ---- User code sections - GMER 2.2 ---- .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[556] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[556] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[556] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[556] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[556] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[556] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[556] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[556] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[556] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[556] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[556] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[556] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[556] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[556] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[556] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[684] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[684] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[684] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[684] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[684] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[684] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[684] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[684] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[684] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[684] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[684] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[684] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[684] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[684] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[684] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[712] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[712] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[712] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[712] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[712] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[712] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[712] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[712] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[712] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[712] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[712] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[712] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[712] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[712] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[712] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\ibmpmsvc.exe[928] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\ibmpmsvc.exe[928] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\ibmpmsvc.exe[928] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\ibmpmsvc.exe[928] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\ibmpmsvc.exe[928] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\ibmpmsvc.exe[928] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\ibmpmsvc.exe[928] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\ibmpmsvc.exe[928] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\ibmpmsvc.exe[928] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\ibmpmsvc.exe[928] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\ibmpmsvc.exe[928] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\ibmpmsvc.exe[928] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\ibmpmsvc.exe[928] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\ibmpmsvc.exe[928] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\ibmpmsvc.exe[928] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1244] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1244] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1244] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1244] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1244] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1244] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1244] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1244] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1244] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1244] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1244] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1244] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1244] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1244] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1244] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\AUDIODG.EXE[1312] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\AUDIODG.EXE[1312] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\AUDIODG.EXE[1312] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\AUDIODG.EXE[1312] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\AUDIODG.EXE[1312] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\AUDIODG.EXE[1312] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\AUDIODG.EXE[1312] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\AUDIODG.EXE[1312] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\AUDIODG.EXE[1312] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\AUDIODG.EXE[1312] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\AUDIODG.EXE[1312] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\AUDIODG.EXE[1312] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\AUDIODG.EXE[1312] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\AUDIODG.EXE[1312] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\AUDIODG.EXE[1312] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1344] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1344] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1344] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1344] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1344] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1344] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1344] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1344] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1344] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1344] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1344] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1344] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1344] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1344] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1344] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1432] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1432] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1432] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1432] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1432] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1432] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1432] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1432] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1432] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1432] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1432] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1432] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1432] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1432] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1432] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\WUDFHost.exe[1440] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\WUDFHost.exe[1440] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\WUDFHost.exe[1440] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\WUDFHost.exe[1440] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\WUDFHost.exe[1440] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\WUDFHost.exe[1440] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\WUDFHost.exe[1440] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\WUDFHost.exe[1440] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\WUDFHost.exe[1440] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\WUDFHost.exe[1440] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\WUDFHost.exe[1440] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\WUDFHost.exe[1440] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\WUDFHost.exe[1440] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\WUDFHost.exe[1440] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\WUDFHost.exe[1440] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1516] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1516] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1516] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1516] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1516] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1516] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1516] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1516] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1516] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1516] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1516] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1516] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1516] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1516] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1516] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1704] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1704] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1704] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1704] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1704] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1704] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1704] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1704] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1704] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1704] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1704] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1704] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1704] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1704] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1704] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[1720] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[1720] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[1720] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[1720] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[1720] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[1720] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[1720] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[1720] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[1720] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[1720] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[1720] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[1720] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[1720] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[1720] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[1720] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1760] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1760] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1760] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1760] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1760] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1760] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1760] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1760] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1760] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1760] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1760] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1760] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1760] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1760] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1760] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text D:\Logi\cyr89z04.exe[1768] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text D:\Logi\cyr89z04.exe[1768] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text D:\Logi\cyr89z04.exe[1768] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text D:\Logi\cyr89z04.exe[1768] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text D:\Logi\cyr89z04.exe[1768] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text D:\Logi\cyr89z04.exe[1768] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text D:\Logi\cyr89z04.exe[1768] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text D:\Logi\cyr89z04.exe[1768] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text D:\Logi\cyr89z04.exe[1768] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text D:\Logi\cyr89z04.exe[1768] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text D:\Logi\cyr89z04.exe[1768] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text D:\Logi\cyr89z04.exe[1768] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text D:\Logi\cyr89z04.exe[1768] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text D:\Logi\cyr89z04.exe[1768] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text D:\Logi\cyr89z04.exe[1768] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[712] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[712] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[712] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[712] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[712] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[712] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[712] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[712] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[712] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[712] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[712] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[712] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[712] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[712] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[712] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2012] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2012] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2012] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2012] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2012] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2012] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2012] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2012] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2012] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2012] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2012] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2012] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2012] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2012] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2012] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe[2448] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe[2448] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe[2448] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe[2448] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe[2448] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe[2448] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe[2448] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe[2448] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe[2448] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe[2448] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe[2448] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe[2448] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe[2448] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe[2448] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe[2448] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3324] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3324] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3324] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3324] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3324] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3324] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3324] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3324] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3324] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3324] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3324] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3324] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3324] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3324] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3324] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2136] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2136] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2136] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2136] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2136] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2136] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2136] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2136] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2136] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2136] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2136] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2136] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2136] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2136] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2136] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[3540] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[3540] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[3540] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[3540] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[3540] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[3540] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[3540] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[3540] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[3540] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[3540] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[3540] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[3540] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[3540] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[3540] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[3540] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1244] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1244] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1244] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1244] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1244] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1244] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1244] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1244] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1244] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1244] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1244] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1244] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1244] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1244] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1244] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2780] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2780] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2780] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2780] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2780] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2780] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2780] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2780] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2780] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2780] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2780] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2780] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2780] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2780] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2780] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\hkcmd.exe[4360] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\hkcmd.exe[4360] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\hkcmd.exe[4360] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\hkcmd.exe[4360] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\hkcmd.exe[4360] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\hkcmd.exe[4360] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\hkcmd.exe[4360] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\hkcmd.exe[4360] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\hkcmd.exe[4360] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\hkcmd.exe[4360] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\hkcmd.exe[4360] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\hkcmd.exe[4360] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\hkcmd.exe[4360] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\hkcmd.exe[4360] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\hkcmd.exe[4360] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[4908] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[4908] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[4908] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[4908] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[4908] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[4908] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[4908] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[4908] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[4908] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[4908] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[4908] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[4908] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[4908] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[4908] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[4908] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4780] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4780] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4780] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4780] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4780] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4780] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4780] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4780] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4780] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4780] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4780] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4780] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4780] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4780] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4780] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1704] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1704] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1704] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1704] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1704] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1704] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1704] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1704] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1704] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1704] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1704] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1704] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1704] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1704] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1704] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2056] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2056] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2056] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2056] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2056] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2056] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2056] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2056] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2056] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2056] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2056] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2056] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2056] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2056] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2056] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2304] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2304] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2304] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2304] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2304] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2304] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2304] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2304] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2304] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2304] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2304] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2304] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2304] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2304] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2304] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[2716] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[2716] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[2716] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[2716] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[2716] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[2716] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[2716] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[2716] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[2716] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[2716] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[2716] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[2716] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[2716] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[2716] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[2716] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe[4304] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe[4304] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe[4304] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe[4304] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe[4304] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe[4304] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe[4304] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe[4304] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe[4304] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe[4304] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe[4304] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe[4304] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe[4304] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe[4304] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe[4304] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\GWX\GWX.exe[5400] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\GWX\GWX.exe[5400] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\GWX\GWX.exe[5400] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\GWX\GWX.exe[5400] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\GWX\GWX.exe[5400] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\GWX\GWX.exe[5400] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\GWX\GWX.exe[5400] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\GWX\GWX.exe[5400] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\GWX\GWX.exe[5400] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\GWX\GWX.exe[5400] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\GWX\GWX.exe[5400] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\GWX\GWX.exe[5400] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\GWX\GWX.exe[5400] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\GWX\GWX.exe[5400] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\GWX\GWX.exe[5400] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[4716] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[4716] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[4716] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[4716] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[4716] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[4716] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[4716] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[4716] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[4716] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[4716] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[4716] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[4716] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[4716] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[4716] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[4716] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[4716] kernel32.dll!SetUnhandledExceptionFilter 75DAF6AB 5 Bytes JMP 010787E0 C:\Program Files\PeerBlock\peerblock.exe .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[5184] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[5184] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[5184] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[5184] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[5184] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[5184] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[5184] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[5184] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[5184] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[5184] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[5184] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[5184] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[5184] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[5184] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[5184] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1432] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1432] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1432] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1432] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1432] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1432] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1432] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1432] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1432] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1432] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1432] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1432] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1432] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1432] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[1432] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[476] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskhost.exe[1956] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2504] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2504] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2504] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2504] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2504] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2504] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2504] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2504] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2504] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2504] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2504] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2504] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2504] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2504] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2504] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2504] kernel32.dll!SetUnhandledExceptionFilter 75DAF6AB 5 Bytes JMP 00401340 C:\Program Files\OO Software\Defrag\oodag.exe .text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\SearchIndexer.exe[5232] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\SearchIndexer.exe[5232] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\SearchIndexer.exe[5232] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\SearchIndexer.exe[5232] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\SearchIndexer.exe[5232] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\SearchIndexer.exe[5232] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\SearchIndexer.exe[5232] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\SearchIndexer.exe[5232] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\SearchIndexer.exe[5232] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\SearchIndexer.exe[5232] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\SearchIndexer.exe[5232] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\SearchIndexer.exe[5232] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\SearchIndexer.exe[5232] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\SearchIndexer.exe[5232] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\SearchIndexer.exe[5232] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4804] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4804] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4804] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4804] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4804] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4804] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4804] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4804] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4804] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4804] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4804] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4804] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4804] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4804] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4804] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[684] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[684] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[684] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[684] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[684] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[684] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[684] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[684] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[684] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[684] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[684] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[684] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[684] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[684] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[684] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\rundll32.exe[4324] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\rundll32.exe[4324] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\rundll32.exe[4324] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\rundll32.exe[4324] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\rundll32.exe[4324] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\rundll32.exe[4324] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\rundll32.exe[4324] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\rundll32.exe[4324] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\rundll32.exe[4324] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\rundll32.exe[4324] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\rundll32.exe[4324] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\rundll32.exe[4324] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\rundll32.exe[4324] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\rundll32.exe[4324] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\rundll32.exe[4324] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1760] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1760] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1760] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1760] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1760] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1760] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1760] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1760] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1760] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1760] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1760] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1760] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1760] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1760] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1760] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5088] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5088] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5088] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5088] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5088] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5088] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5088] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5088] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5088] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5088] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5088] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5088] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5088] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5088] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5088] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1608] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\wmiprvse.exe[3392] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\wmiprvse.exe[3392] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\wmiprvse.exe[3392] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\wmiprvse.exe[3392] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\wmiprvse.exe[3392] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\wmiprvse.exe[3392] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\wmiprvse.exe[3392] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\wmiprvse.exe[3392] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\wmiprvse.exe[3392] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\wmiprvse.exe[3392] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\wmiprvse.exe[3392] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\wmiprvse.exe[3392] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\wmiprvse.exe[3392] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\wmiprvse.exe[3392] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\wmiprvse.exe[3392] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\Dwm.exe[3552] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\Dwm.exe[3552] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\Dwm.exe[3552] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\Dwm.exe[3552] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\Dwm.exe[3552] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\Dwm.exe[3552] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\Dwm.exe[3552] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\Dwm.exe[3552] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\Dwm.exe[3552] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\Dwm.exe[3552] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\Dwm.exe[3552] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\Dwm.exe[3552] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\Dwm.exe[3552] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\Dwm.exe[3552] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\Dwm.exe[3552] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2616] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2616] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2616] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2616] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2616] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2616] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2616] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2616] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2616] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2616] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2616] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2616] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2616] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2616] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[2616] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1516] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1516] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1516] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1516] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1516] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1516] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1516] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1516] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1516] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1516] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1516] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1516] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1516] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1516] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1516] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[1720] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[1720] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[1720] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[1720] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[1720] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[1720] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[1720] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[1720] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[1720] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[1720] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[1720] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[1720] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[1720] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[1720] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[1720] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3456] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3456] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3456] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3456] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3456] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3456] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3456] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3456] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3456] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3456] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3456] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3456] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3456] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3456] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3456] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4436] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4436] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4436] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4436] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4436] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4436] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4436] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4436] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4436] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4436] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4436] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4436] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4436] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4436] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4436] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Explorer.EXE[3816] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Explorer.EXE[3816] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\Explorer.EXE[3816] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Explorer.EXE[3816] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Explorer.EXE[3816] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\Explorer.EXE[3816] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Explorer.EXE[3816] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\Explorer.EXE[3816] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Explorer.EXE[3816] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Explorer.EXE[3816] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Explorer.EXE[3816] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Explorer.EXE[3816] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Explorer.EXE[3816] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Explorer.EXE[3816] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\Explorer.EXE[3816] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL .text D:\Logi\cyr89z04.exe[1768] ntdll.dll!NtCreateFile + 5 77565135 5 Bytes JMP 751D0440 C:\Windows\System32\SYSFER.DLL .text D:\Logi\cyr89z04.exe[1768] ntdll.dll!NtCreateKey + 5 77565175 5 Bytes JMP 751D047C C:\Windows\System32\SYSFER.DLL .text D:\Logi\cyr89z04.exe[1768] ntdll.dll!NtCreateUserProcess + 5 775652E5 5 Bytes JMP 751D04B8 C:\Windows\System32\SYSFER.DLL .text D:\Logi\cyr89z04.exe[1768] ntdll.dll!NtDeleteFile + 5 77565375 5 Bytes JMP 751D04F4 C:\Windows\System32\SYSFER.DLL .text D:\Logi\cyr89z04.exe[1768] ntdll.dll!NtDeleteKey + 5 77565385 5 Bytes JMP 751D065C C:\Windows\System32\SYSFER.DLL .text D:\Logi\cyr89z04.exe[1768] ntdll.dll!NtDeleteValueKey + 5 775653B5 5 Bytes JMP 751D0530 C:\Windows\System32\SYSFER.DLL .text D:\Logi\cyr89z04.exe[1768] ntdll.dll!NtMapViewOfSection + 5 77565795 5 Bytes JMP 751D056C C:\Windows\System32\SYSFER.DLL .text D:\Logi\cyr89z04.exe[1768] ntdll.dll!NtOpenFile + 5 77565845 5 Bytes JMP 751D05A8 C:\Windows\System32\SYSFER.DLL .text D:\Logi\cyr89z04.exe[1768] ntdll.dll!NtOpenKey + 5 77565875 5 Bytes JMP 751D05E4 C:\Windows\System32\SYSFER.DLL .text D:\Logi\cyr89z04.exe[1768] ntdll.dll!NtOpenKeyEx + 5 77565885 5 Bytes JMP 751D0620 C:\Windows\System32\SYSFER.DLL .text D:\Logi\cyr89z04.exe[1768] ntdll.dll!NtRenameKey + 5 77565F35 5 Bytes JMP 751D0698 C:\Windows\System32\SYSFER.DLL .text D:\Logi\cyr89z04.exe[1768] ntdll.dll!NtSetInformationFile + 5 775661A5 5 Bytes JMP 751D06D4 C:\Windows\System32\SYSFER.DLL .text D:\Logi\cyr89z04.exe[1768] ntdll.dll!NtSetValueKey + 5 77566375 5 Bytes JMP 751D0710 C:\Windows\System32\SYSFER.DLL .text D:\Logi\cyr89z04.exe[1768] ntdll.dll!NtTerminateProcess + 5 77566435 5 Bytes JMP 751D074C C:\Windows\System32\SYSFER.DLL .text D:\Logi\cyr89z04.exe[1768] ntdll.dll!NtTerminateThread + 5 77566445 5 Bytes JMP 751D0788 C:\Windows\System32\SYSFER.DLL ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7476562C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\gdiplus.dll IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [747656EA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\gdiplus.dll IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7478246E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\gdiplus.dll IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [747824E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\gdiplus.dll IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7477854B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\gdiplus.dll IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74774CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\gdiplus.dll IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [747750A6] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\gdiplus.dll IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7477517B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\gdiplus.dll IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [747766A8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\gdiplus.dll IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [747782A2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\gdiplus.dll IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [747787F1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\gdiplus.dll IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74779052] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\gdiplus.dll IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7477E1F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\gdiplus.dll IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74774C31] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\gdiplus.dll ---- Devices - GMER 2.2 ---- Device \Driver\kbdclass \Device\KeyboardClass0 Tppwr32v.sys Device \Driver\kbdclass \Device\KeyboardClass1 Tppwr32v.sys Device \Driver\mountmgr \Device\MountPointManager SysPlant.sys ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f68b Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3954fef28 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3954fef28@c88447147346 0xFE 0xC8 0x65 0xDB ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3954fef28@d8969579963b 0x77 0x62 0x81 0x97 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3954fef28@0008e06f8f2f 0xFA 0x4E 0x10 0x05 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x49 0xD7 0x66 0x06 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2F 0xEA 0xDC 0x36 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f68b (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3954fef28 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3954fef28@c88447147346 0xFE 0xC8 0x65 0xDB ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3954fef28@d8969579963b 0x77 0x62 0x81 0x97 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3954fef28@0008e06f8f2f 0xFA 0x4E 0x10 0x05 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x49 0xD7 0x66 0x06 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2F 0xEA 0xDC 0x36 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@9CB145BA 1995 ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.2 ----