GMER 2.0.18454 - http://www.gmer.net Rootkit scan 2013-02-11 17:13:57 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JEDO 596,17GB Running: qilpkdqp.exe; Driver: C:\Users\Bobo\AppData\Local\Temp\aftcyaod.sys ---- User code sections - GMER 2.0 ---- .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Windows\system32\csrss.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Windows\system32\svchost.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\winlogon.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Windows\system32\winlogon.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Windows\system32\winlogon.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Windows\system32\winlogon.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\winlogon.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Windows\system32\winlogon.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Windows\system32\winlogon.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\winlogon.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\winlogon.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Windows\system32\winlogon.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\winlogon.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Windows\system32\winlogon.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Windows\system32\winlogon.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Windows\system32\winlogon.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\winlogon.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Windows\system32\winlogon.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Windows\system32\winlogon.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Windows\system32\winlogon.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\winlogon.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Windows\system32\winlogon.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Windows\system32\winlogon.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Windows\system32\winlogon.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\winlogon.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Windows\system32\winlogon.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Windows\system32\winlogon.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Windows\system32\winlogon.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Windows\system32\winlogon.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Windows\System32\svchost.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Windows\system32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\AUDIODG.EXE[664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Windows\system32\AUDIODG.EXE[664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Windows\system32\AUDIODG.EXE[664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Windows\system32\AUDIODG.EXE[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\AUDIODG.EXE[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Windows\system32\AUDIODG.EXE[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Windows\system32\AUDIODG.EXE[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\AUDIODG.EXE[664] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\AUDIODG.EXE[664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Windows\system32\AUDIODG.EXE[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\AUDIODG.EXE[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Windows\system32\AUDIODG.EXE[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Windows\system32\AUDIODG.EXE[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Windows\system32\AUDIODG.EXE[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\AUDIODG.EXE[664] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Windows\system32\AUDIODG.EXE[664] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Windows\system32\AUDIODG.EXE[664] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Windows\system32\AUDIODG.EXE[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\AUDIODG.EXE[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Windows\system32\AUDIODG.EXE[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Windows\system32\AUDIODG.EXE[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Windows\system32\AUDIODG.EXE[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\AUDIODG.EXE[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Windows\system32\AUDIODG.EXE[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Windows\system32\AUDIODG.EXE[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Windows\system32\AUDIODG.EXE[664] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Windows\system32\AUDIODG.EXE[664] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Windows\system32\svchost.exe[1196] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Windows\system32\svchost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Windows\system32\nvvsvc.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Windows\System32\spoolsv.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Windows\System32\spoolsv.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Windows\System32\spoolsv.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Windows\System32\spoolsv.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Windows\System32\spoolsv.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Windows\System32\spoolsv.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Windows\System32\spoolsv.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Windows\System32\spoolsv.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Windows\System32\spoolsv.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Windows\System32\spoolsv.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Windows\System32\spoolsv.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Windows\System32\spoolsv.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Windows\System32\spoolsv.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Windows\System32\spoolsv.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Windows\System32\spoolsv.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Windows\System32\spoolsv.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Windows\System32\spoolsv.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Windows\System32\spoolsv.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Windows\System32\spoolsv.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Windows\System32\spoolsv.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Windows\System32\spoolsv.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Windows\System32\spoolsv.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Windows\System32\spoolsv.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Windows\System32\spoolsv.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Windows\System32\spoolsv.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Windows\System32\spoolsv.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Windows\System32\spoolsv.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1584] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000768c1401 2 bytes [8C, 76] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1584] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000768c1419 2 bytes [8C, 76] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1584] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000768c1431 2 bytes [8C, 76] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1584] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000768c144a 2 bytes [8C, 76] .text ... * 9 .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1584] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000768c14dd 2 bytes [8C, 76] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1584] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000768c14f5 2 bytes [8C, 76] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1584] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000768c150d 2 bytes [8C, 76] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1584] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000768c1525 2 bytes [8C, 76] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1584] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000768c153d 2 bytes [8C, 76] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1584] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000768c1555 2 bytes [8C, 76] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1584] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000768c156d 2 bytes [8C, 76] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1584] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000768c1585 2 bytes [8C, 76] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1584] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000768c159d 2 bytes [8C, 76] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1584] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000768c15b5 2 bytes [8C, 76] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1584] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000768c15cd 2 bytes [8C, 76] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1584] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000768c16b2 2 bytes [8C, 76] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1584] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000768c16bd 2 bytes [8C, 76] .text C:\Windows\system32\taskhost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Windows\system32\taskhost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Windows\system32\taskhost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Windows\system32\taskhost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\taskhost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Windows\system32\taskhost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Windows\system32\taskhost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\taskhost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\taskhost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Windows\system32\taskhost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\taskhost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Windows\system32\taskhost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Windows\system32\taskhost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Windows\system32\taskhost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\taskhost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Windows\system32\taskhost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Windows\system32\taskhost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Windows\system32\taskhost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\taskhost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Windows\system32\taskhost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Windows\system32\taskhost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Windows\system32\taskhost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\taskhost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Windows\system32\taskhost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Windows\system32\taskhost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Windows\system32\taskhost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Windows\system32\taskhost.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Windows\SysWOW64\PnkBstrA.exe[2204] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000073c317fa 2 bytes [C3, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2204] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000073c31860 2 bytes [C3, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2204] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000073c31942 2 bytes [C3, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2204] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000073c3194d 2 bytes [C3, 73] .text C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe[2256] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768c1401 2 bytes [8C, 76] .text C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe[2256] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768c1419 2 bytes [8C, 76] .text C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe[2256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768c1431 2 bytes [8C, 76] .text C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe[2256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768c144a 2 bytes [8C, 76] .text ... * 9 .text C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe[2256] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768c14dd 2 bytes [8C, 76] .text C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe[2256] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768c14f5 2 bytes [8C, 76] .text C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe[2256] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768c150d 2 bytes [8C, 76] .text C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe[2256] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768c1525 2 bytes [8C, 76] .text C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe[2256] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768c153d 2 bytes [8C, 76] .text C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe[2256] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768c1555 2 bytes [8C, 76] .text C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe[2256] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768c156d 2 bytes [8C, 76] .text C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe[2256] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768c1585 2 bytes [8C, 76] .text C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe[2256] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768c159d 2 bytes [8C, 76] .text C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe[2256] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768c15b5 2 bytes [8C, 76] .text C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe[2256] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768c15cd 2 bytes [8C, 76] .text C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe[2256] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768c16b2 2 bytes [8C, 76] .text C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe[2256] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768c16bd 2 bytes [8C, 76] .text C:\Windows\system32\taskhost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Windows\system32\taskhost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Windows\system32\taskhost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Windows\system32\taskhost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\taskhost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Windows\system32\taskhost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Windows\system32\taskhost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\taskhost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\taskhost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Windows\system32\taskhost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\taskhost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Windows\system32\taskhost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Windows\system32\taskhost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Windows\system32\taskhost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\taskhost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Windows\system32\taskhost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Windows\system32\taskhost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Windows\system32\taskhost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\taskhost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Windows\system32\taskhost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Windows\system32\taskhost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Windows\system32\taskhost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\taskhost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Windows\system32\taskhost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Windows\system32\taskhost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Windows\system32\taskhost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Windows\system32\taskhost.exe[2832] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Windows\System32\rundll32.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Windows\System32\rundll32.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Windows\System32\rundll32.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Windows\System32\rundll32.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Windows\System32\rundll32.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Windows\System32\rundll32.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Windows\System32\rundll32.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Windows\System32\rundll32.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Windows\System32\rundll32.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Windows\System32\rundll32.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Windows\System32\rundll32.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Windows\System32\rundll32.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Windows\System32\rundll32.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Windows\System32\rundll32.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Windows\System32\rundll32.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Windows\System32\rundll32.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Windows\System32\rundll32.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Windows\System32\rundll32.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Windows\System32\rundll32.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Windows\System32\rundll32.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Windows\System32\rundll32.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Windows\System32\rundll32.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Windows\System32\rundll32.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Windows\System32\rundll32.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Windows\System32\rundll32.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Windows\System32\rundll32.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Windows\System32\rundll32.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\Dwm.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Windows\system32\Dwm.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Windows\system32\Dwm.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Windows\system32\Dwm.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\Dwm.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Windows\system32\Dwm.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Windows\system32\Dwm.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\Dwm.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\Dwm.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Windows\system32\Dwm.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\Dwm.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Windows\system32\Dwm.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Windows\system32\Dwm.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Windows\system32\Dwm.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\Dwm.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Windows\system32\Dwm.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Windows\system32\Dwm.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Windows\system32\Dwm.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\Dwm.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Windows\system32\Dwm.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Windows\system32\Dwm.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Windows\system32\Dwm.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\Dwm.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Windows\system32\Dwm.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Windows\system32\Dwm.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Windows\system32\Dwm.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Windows\system32\Dwm.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Windows\Explorer.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Windows\Explorer.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Windows\Explorer.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Windows\Explorer.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Windows\Explorer.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Windows\Explorer.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Windows\Explorer.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Windows\Explorer.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Windows\Explorer.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Windows\Explorer.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Windows\Explorer.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Windows\Explorer.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Windows\Explorer.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Windows\Explorer.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Windows\Explorer.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Windows\Explorer.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Windows\Explorer.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Windows\Explorer.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Windows\Explorer.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Windows\Explorer.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Windows\Explorer.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Windows\Explorer.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Windows\Explorer.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Windows\Explorer.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Windows\Explorer.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Windows\Explorer.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Windows\Explorer.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Program Files\Elantech\ETDCtrl.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Program Files\Elantech\ETDCtrl.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Program Files\Elantech\ETDCtrl.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Program Files\Elantech\ETDCtrl.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Program Files\Elantech\ETDCtrl.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Program Files\Elantech\ETDCtrl.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Program Files\Elantech\ETDCtrl.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Program Files\Elantech\ETDCtrl.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Program Files\Elantech\ETDCtrl.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Program Files\Elantech\ETDCtrl.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Program Files\Elantech\ETDCtrl.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Program Files\Elantech\ETDCtrl.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Program Files\Elantech\ETDCtrl.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Program Files\Elantech\ETDCtrl.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Program Files\Elantech\ETDCtrl.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Program Files\Elantech\ETDCtrl.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Program Files\Elantech\ETDCtrl.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Program Files\Elantech\ETDCtrl.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Program Files\Elantech\ETDCtrl.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Program Files\Elantech\ETDCtrl.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Program Files\Elantech\ETDCtrl.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Program Files\Elantech\ETDCtrl.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Program Files\Elantech\ETDCtrl.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Program Files\Elantech\ETDCtrl.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Program Files\Elantech\ETDCtrl.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Program Files\Elantech\ETDCtrl.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Program Files\Elantech\ETDCtrl.exe[1476] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Windows\System32\hkcmd.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Windows\System32\hkcmd.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Windows\System32\hkcmd.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Windows\System32\hkcmd.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Windows\System32\hkcmd.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Windows\System32\hkcmd.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Windows\System32\hkcmd.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Windows\System32\hkcmd.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Windows\System32\hkcmd.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Windows\System32\hkcmd.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Windows\System32\hkcmd.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Windows\System32\hkcmd.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Windows\System32\hkcmd.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Windows\System32\hkcmd.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Windows\System32\hkcmd.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Windows\System32\hkcmd.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Windows\System32\hkcmd.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Windows\System32\hkcmd.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Windows\System32\hkcmd.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Windows\System32\hkcmd.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Windows\System32\hkcmd.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Windows\System32\hkcmd.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Windows\System32\hkcmd.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Windows\System32\hkcmd.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Windows\System32\hkcmd.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Windows\System32\hkcmd.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Windows\System32\hkcmd.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Windows\System32\igfxpers.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Windows\System32\igfxpers.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Windows\System32\igfxpers.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Windows\System32\igfxpers.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Windows\System32\igfxpers.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Windows\System32\igfxpers.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Windows\System32\igfxpers.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Windows\System32\igfxpers.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Windows\System32\igfxpers.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Windows\System32\igfxpers.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Windows\System32\igfxpers.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Windows\System32\igfxpers.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Windows\System32\igfxpers.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Windows\System32\igfxpers.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Windows\System32\igfxpers.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Windows\System32\igfxpers.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Windows\System32\igfxpers.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Windows\System32\igfxpers.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Windows\System32\igfxpers.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Windows\System32\igfxpers.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Windows\System32\igfxpers.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Windows\System32\igfxpers.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Windows\System32\igfxpers.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Windows\System32\igfxpers.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Windows\System32\igfxpers.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Windows\System32\igfxpers.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Windows\System32\igfxpers.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3404] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007775000c 1 byte [C3] .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3404] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000777df85a 5 bytes JMP 000000017778d571 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3588] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768c1401 2 bytes [8C, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3588] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768c1419 2 bytes [8C, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768c1431 2 bytes [8C, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768c144a 2 bytes [8C, 76] .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3588] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768c14dd 2 bytes [8C, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3588] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768c14f5 2 bytes [8C, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3588] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768c150d 2 bytes [8C, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3588] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768c1525 2 bytes [8C, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3588] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768c153d 2 bytes [8C, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3588] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768c1555 2 bytes [8C, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3588] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768c156d 2 bytes [8C, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3588] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768c1585 2 bytes [8C, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3588] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768c159d 2 bytes [8C, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3588] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768c15b5 2 bytes [8C, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3588] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768c15cd 2 bytes [8C, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3588] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768c16b2 2 bytes [8C, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3588] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768c16bd 2 bytes [8C, 76] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3892] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 00000000768c1401 2 bytes [8C, 76] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3892] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 00000000768c1419 2 bytes [8C, 76] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3892] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 00000000768c1431 2 bytes [8C, 76] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3892] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 00000000768c144a 2 bytes [8C, 76] .text ... * 9 .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3892] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000768c14dd 2 bytes [8C, 76] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3892] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000768c14f5 2 bytes [8C, 76] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3892] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 00000000768c150d 2 bytes [8C, 76] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3892] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 00000000768c1525 2 bytes [8C, 76] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3892] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 00000000768c153d 2 bytes [8C, 76] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3892] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 00000000768c1555 2 bytes [8C, 76] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3892] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 00000000768c156d 2 bytes [8C, 76] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3892] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 00000000768c1585 2 bytes [8C, 76] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3892] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 00000000768c159d 2 bytes [8C, 76] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3892] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000768c15b5 2 bytes [8C, 76] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3892] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000768c15cd 2 bytes [8C, 76] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3892] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000768c16b2 2 bytes [8C, 76] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3892] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000768c16bd 2 bytes [8C, 76] .text C:\Windows\system32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Windows\system32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Windows\system32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Windows\system32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Windows\system32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Windows\system32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Windows\system32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Windows\system32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Windows\system32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Windows\system32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Windows\system32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Windows\system32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Windows\system32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Windows\system32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Windows\system32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Windows\system32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Windows\system32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Windows\system32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Windows\system32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Windows\system32\svchost.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Windows\system32\SearchIndexer.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Windows\system32\SearchIndexer.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Windows\system32\SearchIndexer.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Windows\system32\SearchIndexer.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Windows\system32\SearchIndexer.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Windows\system32\SearchIndexer.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Windows\system32\SearchIndexer.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Windows\system32\SearchIndexer.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Windows\system32\SearchIndexer.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Windows\system32\SearchIndexer.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Windows\system32\SearchIndexer.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Windows\system32\SearchIndexer.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Windows\system32\SearchIndexer.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Windows\system32\SearchIndexer.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Windows\system32\SearchIndexer.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Windows\system32\SearchIndexer.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Windows\system32\SearchIndexer.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Windows\system32\SearchIndexer.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Windows\system32\SearchIndexer.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Windows\system32\SearchIndexer.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Windows\system32\SearchIndexer.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Windows\system32\SearchIndexer.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Windows\system32\SearchIndexer.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Windows\system32\SearchIndexer.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Windows\system32\SearchIndexer.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Windows\system32\SearchIndexer.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Windows\system32\SearchIndexer.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775b13c0 5 bytes JMP 0000000077710330 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775b1410 5 bytes JMP 0000000077710320 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775b15c0 5 bytes JMP 0000000077710340 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775b1680 5 bytes JMP 00000000777102d0 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775b1710 5 bytes JMP 0000000077710290 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775b1790 5 bytes JMP 0000000077710280 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775b17b0 5 bytes JMP 00000000777102c0 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775b19a0 5 bytes JMP 00000000777101f0 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775b1b60 5 bytes JMP 0000000077710350 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775b1c70 5 bytes JMP 00000000777102a0 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775b1c80 5 bytes JMP 0000000077710300 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775b1ce0 5 bytes JMP 0000000077710240 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775b1d70 5 bytes JMP 0000000077710260 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775b1da0 5 bytes JMP 00000000777102e0 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775b1e40 5 bytes JMP 0000000077710200 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775b2100 5 bytes JMP 00000000777101b0 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775b21c0 5 bytes JMP 0000000077710210 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775b2230 5 bytes JMP 00000000777102b0 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775b2240 5 bytes JMP 0000000077710310 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775b22a0 5 bytes JMP 0000000077710250 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775b22f0 5 bytes JMP 0000000077710270 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775b2330 5 bytes JMP 00000000777102f0 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775b2820 5 bytes JMP 0000000077710220 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775b2830 5 bytes JMP 0000000077710230 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775b2a00 5 bytes JMP 00000000777101c0 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775b2a80 5 bytes JMP 00000000777101d0 .text C:\Windows\System32\svchost.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775b2b00 5 bytes JMP 00000000777101e0 ---- Threads - GMER 2.0 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3620:3772] 000007fefb5a2ab8 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3620:4820] 000007fefa955124 ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dd377e7 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dd377e7 (not active ControlSet) ---- EOF - GMER 2.0 ----