GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-07-18 17:21:25 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932042 rev.0003 298,09GB Running: 4srkuoly.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\fxtdapoc.sys ---- System - GMER 2.2 ---- SSDT 89B375B0 ZwAlertResumeThread SSDT 8A21E380 ZwAlertThread SSDT 89AFC140 ZwAllocateVirtualMemory SSDT 89989608 ZwAlpcConnectPort SSDT 89B37048 ZwAssignProcessToJobObject SSDT 89B373F8 ZwCreateMutant SSDT 8A221498 ZwCreateSymbolicLinkObject SSDT 89B35660 ZwCreateThread SSDT 8A221540 ZwCreateThreadEx SSDT 89B370E0 ZwDebugActiveProcess SSDT 89AFC008 ZwDuplicateObject SSDT 8A21E240 ZwFreeVirtualMemory SSDT 89B374A0 ZwImpersonateAnonymousToken SSDT 89B37538 ZwImpersonateThread SSDT 8998B600 ZwLoadDriver SSDT 8A21E188 ZwMapViewOfSection SSDT 89B37360 ZwOpenEvent SSDT 89B36EC0 ZwOpenProcess SSDT 89AFC1E8 ZwOpenProcessToken SSDT 89B37230 ZwOpenSection SSDT 89B36E38 ZwOpenThread SSDT 8A2215F8 ZwProtectVirtualMemory SSDT 8A2213F0 ZwQueueApcThread SSDT 8A221348 ZwQueueApcThreadEx SSDT 8A2212A0 ZwReadVirtualMemory SSDT 8A21E418 ZwResumeThread SSDT 8A21E5E0 ZwSetContextThread SSDT 8A21E048 ZwSetInformationProcess SSDT 89B37178 ZwSetSystemInformation SSDT 89B372C8 ZwSuspendProcess SSDT 8A21E4B0 ZwSuspendThread SSDT 89B36090 ZwTerminateProcess SSDT 8A21E548 ZwTerminateThread SSDT 8A21E0F0 ZwUnmapViewOfSection SSDT 89AFC078 ZwWriteVirtualMemory ---- Kernel code sections - GMER 2.2 ---- .text ntkrnlpa.exe!ZwRenameKey + 1579 83A75F15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83AB0232 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10DB 83AB7630 8 Bytes [B0, 75, B3, 89, 80, E3, 21, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 83AB7648 4 Bytes [40, C1, AF, 89] .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 83AB7654 4 Bytes [08, 96, 98, 89] .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 83AB76A8 4 Bytes [48, 70, B3, 89] .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 83AB7724 4 Bytes [F8, 73, B3, 89] .text ... ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\wbem\unsecapp.exe[148] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\unsecapp.exe[148] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\unsecapp.exe[148] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\unsecapp.exe[148] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\unsecapp.exe[148] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\unsecapp.exe[148] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\unsecapp.exe[148] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\unsecapp.exe[148] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\unsecapp.exe[148] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\unsecapp.exe[148] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\unsecapp.exe[148] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\unsecapp.exe[148] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\unsecapp.exe[148] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\unsecapp.exe[148] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\unsecapp.exe[148] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\services.exe[684] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\services.exe[684] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\services.exe[684] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\services.exe[684] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\services.exe[684] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\services.exe[684] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\services.exe[684] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\services.exe[684] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\services.exe[684] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\services.exe[684] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\services.exe[684] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\services.exe[684] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\services.exe[684] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\services.exe[684] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\services.exe[684] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\winlogon.exe[708] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\winlogon.exe[708] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\winlogon.exe[708] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\winlogon.exe[708] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\winlogon.exe[708] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\winlogon.exe[708] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\winlogon.exe[708] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\winlogon.exe[708] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\winlogon.exe[708] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\winlogon.exe[708] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\winlogon.exe[708] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\winlogon.exe[708] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\winlogon.exe[708] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\winlogon.exe[708] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\winlogon.exe[708] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[744] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[744] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[744] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[744] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[744] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[744] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[744] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[744] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[744] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[744] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[744] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[744] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[744] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[744] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[744] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[760] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[760] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[760] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[760] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[760] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[760] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[760] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[760] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[760] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[760] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[760] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[760] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[760] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[760] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\lsm.exe[760] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\ibmpmsvc.exe[932] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\ibmpmsvc.exe[932] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\ibmpmsvc.exe[932] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\ibmpmsvc.exe[932] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\ibmpmsvc.exe[932] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\ibmpmsvc.exe[932] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\ibmpmsvc.exe[932] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\ibmpmsvc.exe[932] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\ibmpmsvc.exe[932] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\ibmpmsvc.exe[932] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\ibmpmsvc.exe[932] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\ibmpmsvc.exe[932] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\ibmpmsvc.exe[932] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\ibmpmsvc.exe[932] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\ibmpmsvc.exe[932] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[992] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[992] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[992] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[992] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[992] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[992] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[992] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[992] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[992] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[992] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[992] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[992] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[992] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[992] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[992] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1120] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1120] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1120] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1120] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1120] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1120] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1120] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1120] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1120] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1120] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1120] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1120] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1120] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1120] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[1120] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1152] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1152] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1152] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1152] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1152] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1152] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1152] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1152] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1152] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1152] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1152] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1152] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1152] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1152] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1152] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1176] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1176] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1176] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1176] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1176] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1176] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1176] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1176] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1176] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1176] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1176] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1176] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1176] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1176] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1176] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtCreateFile + B 7790513B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtMapViewOfSection + B 7790579B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtOpenFile + B 7790584B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtOpenProcess + 6 779058F6 4 Bytes [A8, 31, 49, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtOpenProcess + B 779058FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtOpenProcessToken + 6 77905906 4 Bytes CALL 7690A23C C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtOpenProcessToken + B 7790590B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtOpenProcessTokenEx + 6 77905916 4 Bytes [A8, 32, 49, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtOpenProcessTokenEx + B 7790591B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtOpenThread + 6 77905976 4 Bytes [68, 31, 49, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtOpenThread + B 7790597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtOpenThreadToken + 6 77905986 4 Bytes [68, 32, 49, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtOpenThreadToken + B 7790598B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtOpenThreadTokenEx + 6 77905996 4 Bytes CALL 7690A2CD C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtOpenThreadTokenEx + B 7790599B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtQueryAttributesFile + 6 77905AA6 4 Bytes [A8, 30, 49, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtQueryAttributesFile + B 77905AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtQueryFullAttributesFile + 6 77905B56 4 Bytes CALL 7690A48B C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtQueryFullAttributesFile + B 77905B5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtSetInformationFile + B 779061AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtSetInformationThread + 6 77906206 4 Bytes [28, 32, 49, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtSetInformationThread + B 7790620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtUnmapViewOfSection + 6 77906526 4 Bytes [68, 33, 49, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1232] ntdll.dll!NtUnmapViewOfSection + B 7790652B 1 Byte [E2] .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\RunDll32.exe[1392] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\RunDll32.exe[1392] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\RunDll32.exe[1392] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\RunDll32.exe[1392] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\RunDll32.exe[1392] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\RunDll32.exe[1392] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\RunDll32.exe[1392] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\RunDll32.exe[1392] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\RunDll32.exe[1392] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\RunDll32.exe[1392] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\RunDll32.exe[1392] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\RunDll32.exe[1392] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\RunDll32.exe[1392] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\RunDll32.exe[1392] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\RunDll32.exe[1392] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1412] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\WUDFHost.exe[1452] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\WUDFHost.exe[1452] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\WUDFHost.exe[1452] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\WUDFHost.exe[1452] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\WUDFHost.exe[1452] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\WUDFHost.exe[1452] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\WUDFHost.exe[1452] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\WUDFHost.exe[1452] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\WUDFHost.exe[1452] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\WUDFHost.exe[1452] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\WUDFHost.exe[1452] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\WUDFHost.exe[1452] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\WUDFHost.exe[1452] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\WUDFHost.exe[1452] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\WUDFHost.exe[1452] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1528] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1528] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1528] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1528] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1528] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1528] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1528] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1528] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1528] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1528] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1528] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1528] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1528] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1528] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1528] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1632] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1632] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1632] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1632] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1632] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1632] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1632] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1632] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1632] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1632] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1632] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1632] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1632] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1632] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1632] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1692] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1692] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1692] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1692] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1692] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1692] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1692] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1692] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1692] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1692] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1692] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1692] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1692] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1692] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1692] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\spoolsv.exe[1744] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\spoolsv.exe[1744] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\spoolsv.exe[1744] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\spoolsv.exe[1744] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\spoolsv.exe[1744] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\spoolsv.exe[1744] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\spoolsv.exe[1744] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\spoolsv.exe[1744] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\spoolsv.exe[1744] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\spoolsv.exe[1744] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\spoolsv.exe[1744] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\spoolsv.exe[1744] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\spoolsv.exe[1744] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\spoolsv.exe[1744] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\spoolsv.exe[1744] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1784] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1784] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1784] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1784] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1784] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1784] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1784] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1784] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1784] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1784] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1784] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1784] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1784] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1784] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe[1784] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe[1808] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe[1808] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe[1808] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe[1808] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe[1808] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe[1808] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe[1808] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe[1808] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe[1808] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe[1808] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe[1808] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe[1808] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe[1808] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe[1808] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe[1808] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1900] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1900] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1900] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1900] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1900] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1900] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1900] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1900] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1900] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1900] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1900] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1900] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1900] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1900] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1900] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1944] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1944] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1944] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1944] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1944] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1944] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1944] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1944] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1944] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1944] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1944] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1944] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1944] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1944] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1944] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1964] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1964] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1964] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1964] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1964] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1964] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1964] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1964] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1964] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1964] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1964] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1964] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1964] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1964] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[1964] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[2012] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[2012] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[2012] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[2012] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[2012] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[2012] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[2012] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[2012] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[2012] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[2012] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[2012] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[2012] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[2012] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[2012] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\AcSvc.exe[2012] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Bonjour\mDNSResponder.exe[2068] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Bonjour\mDNSResponder.exe[2068] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Bonjour\mDNSResponder.exe[2068] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Bonjour\mDNSResponder.exe[2068] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Bonjour\mDNSResponder.exe[2068] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Bonjour\mDNSResponder.exe[2068] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Bonjour\mDNSResponder.exe[2068] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Bonjour\mDNSResponder.exe[2068] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Bonjour\mDNSResponder.exe[2068] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Bonjour\mDNSResponder.exe[2068] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Bonjour\mDNSResponder.exe[2068] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Bonjour\mDNSResponder.exe[2068] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Bonjour\mDNSResponder.exe[2068] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Bonjour\mDNSResponder.exe[2068] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Bonjour\mDNSResponder.exe[2068] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[2108] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[2108] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[2108] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[2108] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[2108] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[2108] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[2108] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[2108] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[2108] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[2108] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[2108] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[2108] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[2108] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[2108] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\svchost.exe[2108] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2148] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2148] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2148] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2148] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2148] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2148] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2148] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2148] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2148] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2148] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2148] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2148] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2148] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2148] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2148] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2268] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2268] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2268] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2268] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2268] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2268] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2268] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2268] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2268] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2268] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2268] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2268] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2268] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2268] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2268] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2300] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2300] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2300] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2300] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2300] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2300] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2300] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2300] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2300] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2300] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2300] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2300] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2300] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2300] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2300] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[2372] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[2372] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[2372] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[2372] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[2372] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[2372] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[2372] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[2372] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[2372] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[2372] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[2372] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[2372] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[2372] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[2372] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[2372] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe[2408] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe[2408] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe[2408] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe[2408] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe[2408] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe[2408] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe[2408] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe[2408] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe[2408] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe[2408] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe[2408] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe[2408] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe[2408] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe[2408] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe[2408] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe[2452] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe[2452] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe[2452] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe[2452] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe[2452] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe[2452] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe[2452] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe[2452] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe[2452] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe[2452] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe[2452] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe[2452] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe[2452] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe[2452] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe[2452] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2488] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2488] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2488] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2488] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2488] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2488] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2488] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2488] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2488] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2488] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2488] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2488] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2488] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2488] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2488] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodag.exe[2488] kernel32.dll!SetUnhandledExceptionFilter 7670F6AB 5 Bytes JMP 00401340 C:\Program Files\OO Software\Defrag\oodag.exe .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2620] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2620] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2620] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2620] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2620] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2620] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2620] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2620] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2620] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2620] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2620] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2620] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2620] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2620] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2620] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2632] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2632] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2632] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2632] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2632] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2632] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2632] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2632] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2632] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2632] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2632] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2632] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2632] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2632] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[2632] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2692] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2692] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2692] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2692] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2692] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2692] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2692] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2692] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2692] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2692] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2692] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2692] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2692] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2692] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2692] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[2748] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[2748] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[2748] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[2748] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[2748] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[2748] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[2748] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[2748] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[2748] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[2748] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[2748] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[2748] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[2748] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[2748] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[2748] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2804] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2804] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2804] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2804] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2804] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2804] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2804] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2804] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2804] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2804] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2804] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2804] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2804] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2804] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2804] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[2832] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[2832] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[2832] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[2832] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[2832] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[2832] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[2832] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[2832] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[2832] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[2832] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[2832] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[2832] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[2832] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[2832] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[2832] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskhost.exe[2872] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskhost.exe[2872] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskhost.exe[2872] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskhost.exe[2872] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskhost.exe[2872] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskhost.exe[2872] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskhost.exe[2872] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskhost.exe[2872] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskhost.exe[2872] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskhost.exe[2872] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskhost.exe[2872] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskhost.exe[2872] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskhost.exe[2872] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskhost.exe[2872] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskhost.exe[2872] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[2936] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[2936] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[2936] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[2936] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[2936] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[2936] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[2936] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[2936] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[2936] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[2936] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[2936] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[2936] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[2936] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[2936] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[2936] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[2952] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[2952] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[2952] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[2952] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[2952] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[2952] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[2952] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[2952] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[2952] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[2952] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[2952] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[2952] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[2952] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[2952] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Zoom\TpScrex.exe[2952] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[3072] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[3072] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[3072] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[3072] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[3072] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[3072] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[3072] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[3072] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[3072] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[3072] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[3072] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[3072] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[3072] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[3072] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[3072] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe[3108] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe[3108] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe[3108] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe[3108] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe[3108] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe[3108] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe[3108] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe[3108] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe[3108] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe[3108] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe[3108] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe[3108] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe[3108] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe[3108] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe[3108] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[3132] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[3132] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[3132] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[3132] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[3132] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[3132] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[3132] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[3132] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[3132] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[3132] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[3132] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[3132] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[3132] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[3132] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[3132] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3188] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3188] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3188] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3188] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3188] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3188] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3188] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3188] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3188] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3188] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3188] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3188] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3188] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3188] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3188] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[3200] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[3200] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[3200] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[3200] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[3200] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[3200] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[3200] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[3200] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[3200] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[3200] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[3200] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[3200] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[3200] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[3200] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe[3200] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3232] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3232] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3232] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3232] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3232] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3232] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3232] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3232] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3232] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3232] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3232] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3232] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3232] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3232] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3232] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3268] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3268] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3268] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3268] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3268] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3268] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3268] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3268] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3268] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3268] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3268] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3268] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3268] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3268] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3268] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtCreateFile + B 7790513B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtMapViewOfSection + B 7790579B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenFile + B 7790584B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenProcess + 6 779058F6 4 Bytes [A8, D5, 78, 00] {TEST AL, 0xd5; JS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenProcess + B 779058FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenProcessToken + 6 77905906 4 Bytes CALL 7690D1E0 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenProcessToken + B 7790590B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenProcessTokenEx + 6 77905916 4 Bytes [A8, D6, 78, 00] {TEST AL, 0xd6; JS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenProcessTokenEx + B 7790591B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenThread + 6 77905976 4 Bytes [68, D5, 78, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenThread + B 7790597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenThreadToken + 6 77905986 4 Bytes [68, D6, 78, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenThreadToken + B 7790598B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenThreadTokenEx + 6 77905996 4 Bytes CALL 7690D271 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenThreadTokenEx + B 7790599B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtQueryAttributesFile + 6 77905AA6 4 Bytes [A8, D4, 78, 00] {TEST AL, 0xd4; JS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtQueryAttributesFile + B 77905AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtQueryFullAttributesFile + 6 77905B56 4 Bytes CALL 7690D42F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtQueryFullAttributesFile + B 77905B5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtSetInformationFile + B 779061AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtSetInformationThread + 6 77906206 4 Bytes [28, D6, 78, 00] {SUB DH, DL; JS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtSetInformationThread + B 7790620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtUnmapViewOfSection + 6 77906526 4 Bytes [68, D7, 78, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtUnmapViewOfSection + B 7790652B 1 Byte [E2] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3484] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3484] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3484] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3484] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3484] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3484] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3484] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3484] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3484] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3484] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3484] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3484] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3484] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3484] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3484] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\wmiprvse.exe[3584] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\wmiprvse.exe[3584] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\wmiprvse.exe[3584] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\wmiprvse.exe[3584] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\wmiprvse.exe[3584] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\wmiprvse.exe[3584] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\wmiprvse.exe[3584] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\wmiprvse.exe[3584] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\wmiprvse.exe[3584] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\wmiprvse.exe[3584] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\wmiprvse.exe[3584] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\wmiprvse.exe[3584] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\wmiprvse.exe[3584] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\wmiprvse.exe[3584] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\wbem\wmiprvse.exe[3584] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\Dwm.exe[3688] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\Dwm.exe[3688] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\Dwm.exe[3688] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\Dwm.exe[3688] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\Dwm.exe[3688] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\Dwm.exe[3688] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\Dwm.exe[3688] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\Dwm.exe[3688] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\Dwm.exe[3688] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\Dwm.exe[3688] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\Dwm.exe[3688] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\Dwm.exe[3688] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\Dwm.exe[3688] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\Dwm.exe[3688] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\Dwm.exe[3688] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3704] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3704] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3704] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3704] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3704] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3704] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3704] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3704] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3704] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3704] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3704] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3704] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3704] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3704] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe[3704] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3728] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3728] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3728] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3728] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3728] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3728] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3728] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3728] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3728] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3728] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3728] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3728] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3728] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3728] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[3728] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtCreateFile + B 7790513B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtMapViewOfSection + B 7790579B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtOpenFile + B 7790584B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtOpenProcess + 6 779058F6 4 Bytes [A8, D1, C1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtOpenProcess + B 779058FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtOpenProcessToken + 6 77905906 4 Bytes CALL 76911ADC C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtOpenProcessToken + B 7790590B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtOpenProcessTokenEx + 6 77905916 4 Bytes [A8, D2, C1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtOpenProcessTokenEx + B 7790591B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtOpenThread + 6 77905976 4 Bytes [68, D1, C1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtOpenThread + B 7790597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtOpenThreadToken + 6 77905986 4 Bytes [68, D2, C1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtOpenThreadToken + B 7790598B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtOpenThreadTokenEx + 6 77905996 4 Bytes CALL 76911B6D C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtOpenThreadTokenEx + B 7790599B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtQueryAttributesFile + 6 77905AA6 4 Bytes [A8, D0, C1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtQueryAttributesFile + B 77905AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtQueryFullAttributesFile + 6 77905B56 4 Bytes CALL 76911D2B C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtQueryFullAttributesFile + B 77905B5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtSetInformationFile + B 779061AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtSetInformationThread + 6 77906206 4 Bytes [28, D2, C1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtSetInformationThread + B 7790620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtUnmapViewOfSection + 6 77906526 4 Bytes [68, D3, C1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3768] ntdll.dll!NtUnmapViewOfSection + B 7790652B 1 Byte [E2] .text D:\Logi\4srkuoly.exe[3808] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text D:\Logi\4srkuoly.exe[3808] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text D:\Logi\4srkuoly.exe[3808] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text D:\Logi\4srkuoly.exe[3808] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text D:\Logi\4srkuoly.exe[3808] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text D:\Logi\4srkuoly.exe[3808] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text D:\Logi\4srkuoly.exe[3808] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text D:\Logi\4srkuoly.exe[3808] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text D:\Logi\4srkuoly.exe[3808] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text D:\Logi\4srkuoly.exe[3808] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text D:\Logi\4srkuoly.exe[3808] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text D:\Logi\4srkuoly.exe[3808] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text D:\Logi\4srkuoly.exe[3808] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text D:\Logi\4srkuoly.exe[3808] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text D:\Logi\4srkuoly.exe[3808] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Explorer.EXE[3868] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Explorer.EXE[3868] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\Explorer.EXE[3868] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Explorer.EXE[3868] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Explorer.EXE[3868] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\Explorer.EXE[3868] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Explorer.EXE[3868] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\Explorer.EXE[3868] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Explorer.EXE[3868] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Explorer.EXE[3868] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Explorer.EXE[3868] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Explorer.EXE[3868] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Explorer.EXE[3868] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\Explorer.EXE[3868] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\Explorer.EXE[3868] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Serviio\bin\ServiioConsole.exe[3984] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Serviio\bin\ServiioConsole.exe[3984] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Serviio\bin\ServiioConsole.exe[3984] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Serviio\bin\ServiioConsole.exe[3984] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Serviio\bin\ServiioConsole.exe[3984] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Serviio\bin\ServiioConsole.exe[3984] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Serviio\bin\ServiioConsole.exe[3984] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Serviio\bin\ServiioConsole.exe[3984] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Serviio\bin\ServiioConsole.exe[3984] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Serviio\bin\ServiioConsole.exe[3984] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Serviio\bin\ServiioConsole.exe[3984] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Serviio\bin\ServiioConsole.exe[3984] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Serviio\bin\ServiioConsole.exe[3984] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Serviio\bin\ServiioConsole.exe[3984] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Serviio\bin\ServiioConsole.exe[3984] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\AUDIODG.EXE[4024] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\AUDIODG.EXE[4024] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\AUDIODG.EXE[4024] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\AUDIODG.EXE[4024] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\AUDIODG.EXE[4024] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\AUDIODG.EXE[4024] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\AUDIODG.EXE[4024] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\AUDIODG.EXE[4024] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\AUDIODG.EXE[4024] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\AUDIODG.EXE[4024] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\AUDIODG.EXE[4024] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\AUDIODG.EXE[4024] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\AUDIODG.EXE[4024] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\AUDIODG.EXE[4024] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\AUDIODG.EXE[4024] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtCreateFile + B 7790513B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtMapViewOfSection + B 7790579B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtOpenFile + B 7790584B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtOpenProcess + 6 779058F6 4 Bytes [A8, 0D, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtOpenProcess + B 779058FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtOpenProcessToken + 6 77905906 4 Bytes CALL 76914918 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtOpenProcessToken + B 7790590B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtOpenProcessTokenEx + 6 77905916 4 Bytes [A8, 0E, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtOpenProcessTokenEx + B 7790591B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtOpenThread + 6 77905976 4 Bytes [68, 0D, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtOpenThread + B 7790597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtOpenThreadToken + 6 77905986 4 Bytes [68, 0E, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtOpenThreadToken + B 7790598B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtOpenThreadTokenEx + 6 77905996 4 Bytes CALL 769149A9 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtOpenThreadTokenEx + B 7790599B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtQueryAttributesFile + 6 77905AA6 4 Bytes [A8, 0C, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtQueryAttributesFile + B 77905AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtQueryFullAttributesFile + 6 77905B56 4 Bytes CALL 76914B67 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtQueryFullAttributesFile + B 77905B5B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtSetInformationFile + B 779061AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtSetInformationThread + 6 77906206 4 Bytes [28, 0E, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtSetInformationThread + B 7790620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtUnmapViewOfSection + 6 77906526 4 Bytes [68, 0F, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4224] ntdll.dll!NtUnmapViewOfSection + B 7790652B 1 Byte [E2] .text C:\Windows\system32\SearchIndexer.exe[4512] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\SearchIndexer.exe[4512] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\SearchIndexer.exe[4512] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\SearchIndexer.exe[4512] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\SearchIndexer.exe[4512] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\SearchIndexer.exe[4512] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\SearchIndexer.exe[4512] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\SearchIndexer.exe[4512] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\SearchIndexer.exe[4512] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\SearchIndexer.exe[4512] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\SearchIndexer.exe[4512] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\SearchIndexer.exe[4512] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\SearchIndexer.exe[4512] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\SearchIndexer.exe[4512] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\SearchIndexer.exe[4512] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\GWX\GWX.exe[4524] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\GWX\GWX.exe[4524] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\GWX\GWX.exe[4524] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\GWX\GWX.exe[4524] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\GWX\GWX.exe[4524] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\GWX\GWX.exe[4524] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\GWX\GWX.exe[4524] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\GWX\GWX.exe[4524] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\GWX\GWX.exe[4524] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\GWX\GWX.exe[4524] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\GWX\GWX.exe[4524] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\GWX\GWX.exe[4524] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\GWX\GWX.exe[4524] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\GWX\GWX.exe[4524] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\GWX\GWX.exe[4524] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\TpShocks.exe[4588] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\TpShocks.exe[4588] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\TpShocks.exe[4588] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\TpShocks.exe[4588] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\TpShocks.exe[4588] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\TpShocks.exe[4588] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\TpShocks.exe[4588] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\TpShocks.exe[4588] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\TpShocks.exe[4588] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\TpShocks.exe[4588] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\TpShocks.exe[4588] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\TpShocks.exe[4588] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\TpShocks.exe[4588] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\TpShocks.exe[4588] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\TpShocks.exe[4588] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe[4700] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe[4700] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe[4700] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe[4700] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe[4700] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe[4700] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe[4700] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe[4700] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe[4700] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe[4700] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe[4700] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe[4700] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe[4700] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe[4700] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe[4700] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\rundll32.exe[4708] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\rundll32.exe[4708] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\rundll32.exe[4708] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\rundll32.exe[4708] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\rundll32.exe[4708] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\rundll32.exe[4708] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\rundll32.exe[4708] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\rundll32.exe[4708] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\rundll32.exe[4708] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\rundll32.exe[4708] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\rundll32.exe[4708] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\rundll32.exe[4708] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\rundll32.exe[4708] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\rundll32.exe[4708] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\rundll32.exe[4708] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\igfxpers.exe[4732] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\igfxpers.exe[4732] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\igfxpers.exe[4732] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\igfxpers.exe[4732] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\igfxpers.exe[4732] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\igfxpers.exe[4732] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\igfxpers.exe[4732] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\igfxpers.exe[4732] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\igfxpers.exe[4732] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\igfxpers.exe[4732] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\igfxpers.exe[4732] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\igfxpers.exe[4732] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\igfxpers.exe[4732] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\igfxpers.exe[4732] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\igfxpers.exe[4732] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe[4740] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe[4740] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe[4740] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe[4740] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe[4740] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe[4740] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe[4740] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe[4740] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe[4740] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe[4740] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe[4740] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe[4740] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe[4740] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe[4740] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe[4740] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[4776] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[4776] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[4776] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[4776] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[4776] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[4776] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[4776] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[4776] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[4776] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[4776] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[4776] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[4776] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[4776] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[4776] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[4776] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\hkcmd.exe[4816] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\hkcmd.exe[4816] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\hkcmd.exe[4816] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\hkcmd.exe[4816] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\hkcmd.exe[4816] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\hkcmd.exe[4816] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\hkcmd.exe[4816] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\hkcmd.exe[4816] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\hkcmd.exe[4816] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\hkcmd.exe[4816] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\hkcmd.exe[4816] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\hkcmd.exe[4816] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\hkcmd.exe[4816] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\hkcmd.exe[4816] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\System32\hkcmd.exe[4816] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\NetWorx\networx.exe[4860] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\NetWorx\networx.exe[4860] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\NetWorx\networx.exe[4860] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\NetWorx\networx.exe[4860] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\NetWorx\networx.exe[4860] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\NetWorx\networx.exe[4860] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\NetWorx\networx.exe[4860] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\NetWorx\networx.exe[4860] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\NetWorx\networx.exe[4860] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\NetWorx\networx.exe[4860] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\NetWorx\networx.exe[4860] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\NetWorx\networx.exe[4860] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\NetWorx\networx.exe[4860] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\NetWorx\networx.exe[4860] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\NetWorx\networx.exe[4860] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4908] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4908] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4908] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4908] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4908] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4908] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4908] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4908] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4908] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4908] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4908] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4908] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4908] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4908] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4908] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE[5168] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE[5168] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE[5168] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE[5168] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE[5168] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE[5168] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE[5168] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE[5168] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE[5168] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE[5168] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE[5168] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE[5168] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE[5168] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE[5168] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE[5168] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodtray.exe[5272] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodtray.exe[5272] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodtray.exe[5272] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodtray.exe[5272] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodtray.exe[5272] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodtray.exe[5272] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodtray.exe[5272] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodtray.exe[5272] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodtray.exe[5272] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodtray.exe[5272] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodtray.exe[5272] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodtray.exe[5272] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodtray.exe[5272] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodtray.exe[5272] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\OO Software\Defrag\oodtray.exe[5272] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[5292] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[5292] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[5292] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[5292] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[5292] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[5292] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[5292] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[5292] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[5292] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[5292] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[5292] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[5292] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[5292] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[5292] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[5292] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\PeerBlock\peerblock.exe[5292] kernel32.dll!SetUnhandledExceptionFilter 7670F6AB 5 Bytes JMP 00BA87E0 C:\Program Files\PeerBlock\peerblock.exe .text C:\Windows\system32\svchost.exe[5388] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[5388] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[5388] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[5388] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[5388] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[5388] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[5388] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[5388] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[5388] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[5388] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[5388] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[5388] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[5388] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[5388] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\svchost.exe[5388] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\totalcmd\TOTALCMD.EXE[5400] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\totalcmd\TOTALCMD.EXE[5400] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\totalcmd\TOTALCMD.EXE[5400] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\totalcmd\TOTALCMD.EXE[5400] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\totalcmd\TOTALCMD.EXE[5400] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\totalcmd\TOTALCMD.EXE[5400] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\totalcmd\TOTALCMD.EXE[5400] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\totalcmd\TOTALCMD.EXE[5400] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\totalcmd\TOTALCMD.EXE[5400] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\totalcmd\TOTALCMD.EXE[5400] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\totalcmd\TOTALCMD.EXE[5400] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\totalcmd\TOTALCMD.EXE[5400] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\totalcmd\TOTALCMD.EXE[5400] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\totalcmd\TOTALCMD.EXE[5400] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\totalcmd\TOTALCMD.EXE[5400] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5460] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5460] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5460] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5460] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5460] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5460] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5460] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5460] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5460] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5460] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5460] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5460] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5460] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5460] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5460] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[5560] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[5560] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[5560] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[5560] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[5560] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[5560] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[5560] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[5560] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[5560] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[5560] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[5560] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[5560] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[5560] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[5560] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[5560] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskeng.exe[5584] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskeng.exe[5584] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskeng.exe[5584] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskeng.exe[5584] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskeng.exe[5584] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskeng.exe[5584] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskeng.exe[5584] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskeng.exe[5584] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskeng.exe[5584] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskeng.exe[5584] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskeng.exe[5584] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskeng.exe[5584] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskeng.exe[5584] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskeng.exe[5584] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\taskeng.exe[5584] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\message center plus\mcplaunch.exe[5660] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\message center plus\mcplaunch.exe[5660] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\message center plus\mcplaunch.exe[5660] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\message center plus\mcplaunch.exe[5660] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\message center plus\mcplaunch.exe[5660] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\message center plus\mcplaunch.exe[5660] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\message center plus\mcplaunch.exe[5660] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\message center plus\mcplaunch.exe[5660] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\message center plus\mcplaunch.exe[5660] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\message center plus\mcplaunch.exe[5660] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\message center plus\mcplaunch.exe[5660] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\message center plus\mcplaunch.exe[5660] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\message center plus\mcplaunch.exe[5660] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\message center plus\mcplaunch.exe[5660] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\message center plus\mcplaunch.exe[5660] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[5672] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[5672] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[5672] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[5672] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[5672] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[5672] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[5672] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[5672] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[5672] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[5672] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[5672] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[5672] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[5672] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[5672] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[5672] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5692] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5692] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5692] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5692] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5692] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5692] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5692] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5692] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5692] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5692] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5692] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5692] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5692] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5692] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[5692] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Google\Chrome\Application\chrome.exe[5748] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[5788] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[5788] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[5788] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[5788] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[5788] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[5788] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[5788] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[5788] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[5788] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[5788] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[5788] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[5788] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[5788] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[5788] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[5788] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe[5848] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe[5848] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe[5848] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe[5848] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe[5848] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe[5848] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe[5848] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe[5848] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe[5848] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe[5848] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe[5848] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe[5848] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe[5848] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe[5848] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe[5848] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Utilities\SCHTASK.exe[5872] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Utilities\SCHTASK.exe[5872] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Utilities\SCHTASK.exe[5872] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Utilities\SCHTASK.exe[5872] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Utilities\SCHTASK.exe[5872] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Utilities\SCHTASK.exe[5872] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Utilities\SCHTASK.exe[5872] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Utilities\SCHTASK.exe[5872] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Utilities\SCHTASK.exe[5872] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Utilities\SCHTASK.exe[5872] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Utilities\SCHTASK.exe[5872] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Utilities\SCHTASK.exe[5872] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Utilities\SCHTASK.exe[5872] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Utilities\SCHTASK.exe[5872] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\ThinkPad\Utilities\SCHTASK.exe[5872] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\msiexec.exe[5892] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\msiexec.exe[5892] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\msiexec.exe[5892] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\msiexec.exe[5892] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\msiexec.exe[5892] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\msiexec.exe[5892] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\msiexec.exe[5892] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\msiexec.exe[5892] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\msiexec.exe[5892] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\msiexec.exe[5892] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\msiexec.exe[5892] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\msiexec.exe[5892] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\msiexec.exe[5892] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\msiexec.exe[5892] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\msiexec.exe[5892] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\igfxext.exe[5908] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\igfxext.exe[5908] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\igfxext.exe[5908] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\igfxext.exe[5908] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\igfxext.exe[5908] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\igfxext.exe[5908] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\igfxext.exe[5908] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\igfxext.exe[5908] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\igfxext.exe[5908] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\igfxext.exe[5908] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\igfxext.exe[5908] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\igfxext.exe[5908] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\igfxext.exe[5908] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\igfxext.exe[5908] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Windows\system32\igfxext.exe[5908] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6032] ntdll.dll!NtCreateFile + 5 77905135 5 Bytes JMP 75620440 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6032] ntdll.dll!NtCreateKey + 5 77905175 5 Bytes JMP 7562047C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6032] ntdll.dll!NtCreateUserProcess + 5 779052E5 5 Bytes JMP 756204B8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6032] ntdll.dll!NtDeleteFile + 5 77905375 5 Bytes JMP 756204F4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6032] ntdll.dll!NtDeleteKey + 5 77905385 5 Bytes JMP 7562065C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6032] ntdll.dll!NtDeleteValueKey + 5 779053B5 5 Bytes JMP 75620530 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6032] ntdll.dll!NtMapViewOfSection + 5 77905795 5 Bytes JMP 7562056C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6032] ntdll.dll!NtOpenFile + 5 77905845 5 Bytes JMP 756205A8 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6032] ntdll.dll!NtOpenKey + 5 77905875 5 Bytes JMP 756205E4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6032] ntdll.dll!NtOpenKeyEx + 5 77905885 5 Bytes JMP 75620620 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6032] ntdll.dll!NtRenameKey + 5 77905F35 5 Bytes JMP 75620698 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6032] ntdll.dll!NtSetInformationFile + 5 779061A5 5 Bytes JMP 756206D4 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6032] ntdll.dll!NtSetValueKey + 5 77906375 5 Bytes JMP 75620710 C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6032] ntdll.dll!NtTerminateProcess + 5 77906435 5 Bytes JMP 7562074C C:\Windows\System32\SYSFER.DLL .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6032] ntdll.dll!NtTerminateThread + 5 77906445 5 Bytes JMP 75620788 C:\Windows\System32\SYSFER.DLL ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Windows\Explorer.EXE[3868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74AC562C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\gdiplus.dll IAT C:\Windows\Explorer.EXE[3868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74AC56EA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\gdiplus.dll IAT C:\Windows\Explorer.EXE[3868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74AE246E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\gdiplus.dll IAT C:\Windows\Explorer.EXE[3868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74AE24E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\gdiplus.dll IAT C:\Windows\Explorer.EXE[3868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74AD854B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\gdiplus.dll IAT C:\Windows\Explorer.EXE[3868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74AD4CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\gdiplus.dll IAT C:\Windows\Explorer.EXE[3868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74AD50A6] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\gdiplus.dll IAT C:\Windows\Explorer.EXE[3868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74AD517B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\gdiplus.dll IAT C:\Windows\Explorer.EXE[3868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74AD66A8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\gdiplus.dll IAT C:\Windows\Explorer.EXE[3868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74AD82A2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\gdiplus.dll IAT C:\Windows\Explorer.EXE[3868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74AD87F1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\gdiplus.dll IAT C:\Windows\Explorer.EXE[3868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74AD9052] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\gdiplus.dll IAT C:\Windows\Explorer.EXE[3868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74ADE1F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\gdiplus.dll IAT C:\Windows\Explorer.EXE[3868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74AD4C31] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\gdiplus.dll ---- Devices - GMER 2.2 ---- Device \Driver\BTHUSB \Device\0000008e bthport.sys Device \Driver\kbdclass \Device\KeyboardClass0 Tppwr32v.sys Device \Driver\kbdclass \Device\KeyboardClass1 Tppwr32v.sys Device \Driver\mountmgr \Device\MountPointManager SysPlant.sys ---- Threads - GMER 2.2 ---- Thread System [4:568] 8D83EE28 Thread System [4:584] 8D8F882C Thread System [4:588] 8D96DB58 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f68b Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3954fef28 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3954fef28@c88447147346 0xFE 0xC8 0x65 0xDB ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3954fef28@d8969579963b 0x77 0x62 0x81 0x97 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3954fef28@0008e06f8f2f 0xFA 0x4E 0x10 0x05 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x49 0xD7 0x66 0x06 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2F 0xEA 0xDC 0x36 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f68b (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3954fef28 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3954fef28@c88447147346 0xFE 0xC8 0x65 0xDB ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3954fef28@d8969579963b 0x77 0x62 0x81 0x97 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3954fef28@0008e06f8f2f 0xFA 0x4E 0x10 0x05 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x49 0xD7 0x66 0x06 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2F 0xEA 0xDC 0x36 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@9CB145BA 1999 ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.2 ----