GMER 2.1.19155 - http://www.gmer.net Rootkit scan 2013-03-21 11:21:47 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000075 ST950032 rev.0003 465,76GB Running: 9qk43epn.exe; Driver: C:\Users\Borys\AppData\Local\Temp\kglyypod.sys ---- User code sections - GMER 2.1 ---- .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772113c0 5 bytes JMP 0000000077370470 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077211410 5 bytes JMP 0000000077370460 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211570 5 bytes JMP 0000000077370370 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772115c0 5 bytes JMP 0000000077370480 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772115d0 5 bytes JMP 00000000773703e0 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211680 5 bytes JMP 0000000077370320 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772116b0 5 bytes JMP 00000000773703b0 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772116d0 5 bytes JMP 0000000077370390 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077211710 5 bytes JMP 00000000773702e0 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077211760 5 bytes JMP 0000000077370440 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211790 5 bytes JMP 00000000773702d0 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772117b0 5 bytes JMP 0000000077370310 .text C:\windows\system32\services.exe[604] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772117f0 5 bytes JMP 00000000773703c0 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077211840 5 bytes JMP 00000000773703f0 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772119a0 1 byte JMP 0000000077370230 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000772119a2 3 bytes {JMP 0x15e890} .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b60 5 bytes JMP 0000000077370490 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b90 5 bytes JMP 00000000773703a0 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c70 5 bytes JMP 00000000773702f0 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c80 5 bytes JMP 0000000077370350 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211ce0 5 bytes JMP 0000000077370290 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d70 5 bytes JMP 00000000773702b0 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d90 5 bytes JMP 00000000773703d0 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211da0 1 byte JMP 0000000077370330 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077211da2 3 bytes {JMP 0x15e590} .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211e10 5 bytes JMP 0000000077370410 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211e40 5 
bytes JMP 0000000077370240 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077212100 5 bytes JMP 00000000773701e0 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772121c0 1 byte JMP 0000000077370250 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000772121c2 3 bytes {JMP 0x15e090} .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772121f0 5 bytes JMP 00000000773704a0 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077212200 5 bytes JMP 00000000773704b0 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077212230 5 bytes JMP 0000000077370300 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077212240 5 bytes JMP 0000000077370360 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772122a0 5 bytes JMP 00000000773702a0 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772122f0 5 bytes JMP 00000000773702c0 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077212320 5 bytes JMP 0000000077370380 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077212330 5 bytes JMP 0000000077370340 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077212620 5 bytes JMP 0000000077370450 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077212820 5 bytes JMP 0000000077370260 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077212830 5 bytes JMP 0000000077370270 .text C:\windows\system32\services.exe[604] 
C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077212840 5 bytes JMP 0000000077370400 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077212a00 5 bytes JMP 00000000773701f0 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077212a10 5 bytes JMP 0000000077370210 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a80 5 bytes JMP 0000000077370200 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212ae0 5 bytes JMP 0000000077370420 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212af0 5 bytes JMP 0000000077370430 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212b00 5 bytes JMP 0000000077370220 .text C:\windows\system32\services.exe[604] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212be0 5 bytes JMP 0000000077370280 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772113c0 5 bytes JMP 0000000077370470 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077211410 5 bytes JMP 0000000077370460 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211570 5 bytes JMP 0000000077370370 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772115c0 5 bytes JMP 0000000077370480 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772115d0 5 bytes JMP 00000000773703e0 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211680 5 bytes JMP 0000000077370320 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772116b0 5 
bytes JMP 00000000773703b0 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772116d0 5 bytes JMP 0000000077370390 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077211710 5 bytes JMP 00000000773702e0 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077211760 5 bytes JMP 0000000077370440 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211790 5 bytes JMP 00000000773702d0 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772117b0 5 bytes JMP 0000000077370310 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772117f0 5 bytes JMP 00000000773703c0 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077211840 5 bytes JMP 00000000773703f0 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772119a0 1 byte JMP 0000000077370230 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000772119a2 3 bytes {JMP 0x15e890} .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b60 5 bytes JMP 0000000077370490 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b90 5 bytes JMP 00000000773703a0 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c70 5 bytes JMP 00000000773702f0 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c80 5 bytes JMP 0000000077370350 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211ce0 5 bytes JMP 0000000077370290 .text C:\windows\System32\svchost.exe[996] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d70 5 bytes JMP 00000000773702b0 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d90 5 bytes JMP 00000000773703d0 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211da0 1 byte JMP 0000000077370330 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077211da2 3 bytes {JMP 0x15e590} .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211e10 5 bytes JMP 0000000077370410 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211e40 5 bytes JMP 0000000077370240 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077212100 5 bytes JMP 00000000773701e0 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772121c0 1 byte JMP 0000000077370250 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000772121c2 3 bytes {JMP 0x15e090} .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772121f0 5 bytes JMP 00000000773704a0 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077212200 5 bytes JMP 00000000773704b0 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077212230 5 bytes JMP 0000000077370300 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077212240 5 bytes JMP 0000000077370360 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772122a0 5 bytes JMP 00000000773702a0 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772122f0 5 bytes JMP 00000000773702c0 
.text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077212320 5 bytes JMP 0000000077370380 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077212330 5 bytes JMP 0000000077370340 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077212620 5 bytes JMP 0000000077370450 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077212820 5 bytes JMP 0000000077370260 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077212830 5 bytes JMP 0000000077370270 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077212840 5 bytes JMP 0000000077370400 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077212a00 5 bytes JMP 00000000773701f0 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077212a10 5 bytes JMP 0000000077370210 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a80 5 bytes JMP 0000000077370200 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212ae0 5 bytes JMP 0000000077370420 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212af0 5 bytes JMP 0000000077370430 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212b00 5 bytes JMP 0000000077370220 .text C:\windows\System32\svchost.exe[996] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212be0 5 bytes JMP 0000000077370280 .text C:\windows\System32\svchost.exe[996] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d8eecd 1 byte [62] .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 
00000000772113c0 5 bytes JMP 0000000077370470 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077211410 5 bytes JMP 0000000077370460 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211570 5 bytes JMP 0000000077370370 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772115c0 5 bytes JMP 0000000077370480 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772115d0 5 bytes JMP 00000000773703e0 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211680 5 bytes JMP 0000000077370320 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772116b0 5 bytes JMP 00000000773703b0 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772116d0 5 bytes JMP 0000000077370390 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077211710 5 bytes JMP 00000000773702e0 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077211760 5 bytes JMP 0000000077370440 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211790 5 bytes JMP 00000000773702d0 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772117b0 5 bytes JMP 0000000077370310 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772117f0 5 bytes JMP 00000000773703c0 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077211840 5 bytes JMP 00000000773703f0 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772119a0 1 byte JMP 0000000077370230 .text C:\windows\System32\svchost.exe[336] 
C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000772119a2 3 bytes {JMP 0x15e890} .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b60 5 bytes JMP 0000000077370490 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b90 5 bytes JMP 00000000773703a0 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c70 5 bytes JMP 00000000773702f0 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c80 5 bytes JMP 0000000077370350 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211ce0 5 bytes JMP 0000000077370290 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d70 5 bytes JMP 00000000773702b0 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d90 5 bytes JMP 00000000773703d0 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211da0 1 byte JMP 0000000077370330 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077211da2 3 bytes {JMP 0x15e590} .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211e10 5 bytes JMP 0000000077370410 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211e40 5 bytes JMP 0000000077370240 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077212100 5 bytes JMP 00000000773701e0 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772121c0 1 byte JMP 0000000077370250 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000772121c2 3 bytes {JMP 
0x15e090} .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772121f0 5 bytes JMP 00000000773704a0 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077212200 5 bytes JMP 00000000773704b0 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077212230 5 bytes JMP 0000000077370300 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077212240 5 bytes JMP 0000000077370360 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772122a0 5 bytes JMP 00000000773702a0 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772122f0 5 bytes JMP 00000000773702c0 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077212320 5 bytes JMP 0000000077370380 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077212330 5 bytes JMP 0000000077370340 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077212620 5 bytes JMP 0000000077370450 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077212820 5 bytes JMP 0000000077370260 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077212830 5 bytes JMP 0000000077370270 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077212840 5 bytes JMP 0000000077370400 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077212a00 5 bytes JMP 00000000773701f0 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077212a10 5 bytes JMP 0000000077370210 .text C:\windows\System32\svchost.exe[336] 
C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a80 5 bytes JMP 0000000077370200 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212ae0 5 bytes JMP 0000000077370420 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212af0 5 bytes JMP 0000000077370430 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212b00 5 bytes JMP 0000000077370220 .text C:\windows\System32\svchost.exe[336] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212be0 5 bytes JMP 0000000077370280 .text C:\windows\System32\svchost.exe[336] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d8eecd 1 byte [62] .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772113c0 5 bytes JMP 0000000077370470 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077211410 5 bytes JMP 0000000077370460 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211570 5 bytes JMP 0000000077370370 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772115c0 5 bytes JMP 0000000077370480 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772115d0 5 bytes JMP 00000000773703e0 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211680 5 bytes JMP 0000000077370320 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772116b0 5 bytes JMP 00000000773703b0 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772116d0 5 bytes JMP 0000000077370390 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077211710 5 bytes JMP 00000000773702e0 .text 
C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077211760 5 bytes JMP 0000000077370440 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211790 5 bytes JMP 00000000773702d0 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772117b0 5 bytes JMP 0000000077370310 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772117f0 5 bytes JMP 00000000773703c0 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077211840 5 bytes JMP 00000000773703f0 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772119a0 1 byte JMP 0000000077370230 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000772119a2 3 bytes {JMP 0x15e890} .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b60 5 bytes JMP 0000000077370490 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b90 5 bytes JMP 00000000773703a0 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c70 5 bytes JMP 00000000773702f0 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c80 5 bytes JMP 0000000077370350 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211ce0 5 bytes JMP 0000000077370290 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d70 5 bytes JMP 00000000773702b0 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d90 5 bytes JMP 00000000773703d0 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 
0000000077211da0 1 byte JMP 0000000077370330 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077211da2 3 bytes {JMP 0x15e590} .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211e10 5 bytes JMP 0000000077370410 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211e40 5 bytes JMP 0000000077370240 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077212100 5 bytes JMP 00000000773701e0 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772121c0 1 byte JMP 0000000077370250 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000772121c2 3 bytes {JMP 0x15e090} .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772121f0 5 bytes JMP 00000000773704a0 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077212200 5 bytes JMP 00000000773704b0 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077212230 5 bytes JMP 0000000077370300 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077212240 5 bytes JMP 0000000077370360 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772122a0 5 bytes JMP 00000000773702a0 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772122f0 5 bytes JMP 00000000773702c0 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077212320 5 bytes JMP 0000000077370380 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077212330 5 bytes JMP 0000000077370340 .text C:\windows\system32\svchost.exe[364] 
C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077212620 5 bytes JMP 0000000077370450 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077212820 5 bytes JMP 0000000077370260 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077212830 5 bytes JMP 0000000077370270 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077212840 5 bytes JMP 0000000077370400 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077212a00 5 bytes JMP 00000000773701f0 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077212a10 5 bytes JMP 0000000077370210 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a80 5 bytes JMP 0000000077370200 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212ae0 5 bytes JMP 0000000077370420 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212af0 5 bytes JMP 0000000077370430 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212b00 5 bytes JMP 0000000077370220 .text C:\windows\system32\svchost.exe[364] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212be0 5 bytes JMP 0000000077370280 .text C:\windows\system32\svchost.exe[364] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d8eecd 1 byte [62] .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772113c0 5 bytes JMP 0000000077370470 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077211410 5 bytes JMP 0000000077370460 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211570 5 bytes JMP 
0000000077370370 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772115c0 5 bytes JMP 0000000077370480 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772115d0 5 bytes JMP 00000000773703e0 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211680 5 bytes JMP 0000000077370320 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772116b0 5 bytes JMP 00000000773703b0 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772116d0 5 bytes JMP 0000000077370390 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077211710 5 bytes JMP 00000000773702e0 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077211760 5 bytes JMP 0000000077370440 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211790 5 bytes JMP 00000000773702d0 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772117b0 5 bytes JMP 0000000077370310 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772117f0 5 bytes JMP 00000000773703c0 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077211840 5 bytes JMP 00000000773703f0 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772119a0 1 byte JMP 0000000077370230 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000772119a2 3 bytes {JMP 0x15e890} .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b60 5 bytes JMP 0000000077370490 .text C:\windows\system32\svchost.exe[1228] 
C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b90 5 bytes JMP 00000000773703a0 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c70 5 bytes JMP 00000000773702f0 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c80 5 bytes JMP 0000000077370350 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211ce0 5 bytes JMP 0000000077370290 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d70 5 bytes JMP 00000000773702b0 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d90 5 bytes JMP 00000000773703d0 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211da0 1 byte JMP 0000000077370330 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077211da2 3 bytes {JMP 0x15e590} .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211e10 5 bytes JMP 0000000077370410 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211e40 5 bytes JMP 0000000077370240 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077212100 5 bytes JMP 00000000773701e0 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772121c0 1 byte JMP 0000000077370250 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000772121c2 3 bytes {JMP 0x15e090} .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772121f0 5 bytes JMP 00000000773704a0 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077212200 5 
bytes JMP 00000000773704b0 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077212230 5 bytes JMP 0000000077370300 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077212240 5 bytes JMP 0000000077370360 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772122a0 5 bytes JMP 00000000773702a0 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772122f0 5 bytes JMP 00000000773702c0 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077212320 5 bytes JMP 0000000077370380 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077212330 5 bytes JMP 0000000077370340 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077212620 5 bytes JMP 0000000077370450 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077212820 5 bytes JMP 0000000077370260 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077212830 5 bytes JMP 0000000077370270 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077212840 5 bytes JMP 0000000077370400 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077212a00 5 bytes JMP 00000000773701f0 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077212a10 5 bytes JMP 0000000077370210 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a80 5 bytes JMP 0000000077370200 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212ae0 5 bytes JMP 0000000077370420 .text C:\windows\system32\svchost.exe[1228] 
C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212af0 5 bytes JMP 0000000077370430 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212b00 5 bytes JMP 0000000077370220 .text C:\windows\system32\svchost.exe[1228] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212be0 5 bytes JMP 0000000077370280 .text C:\windows\system32\svchost.exe[1228] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d8eecd 1 byte [62] .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772113c0 5 bytes JMP 0000000100070470 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077211410 5 bytes JMP 0000000100070460 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211570 5 bytes JMP 0000000100070370 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772115c0 5 bytes JMP 0000000100070480 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772115d0 5 bytes JMP 00000001000703e0 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211680 5 bytes JMP 0000000100070320 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772116b0 5 bytes JMP 00000001000703b0 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772116d0 5 bytes JMP 0000000100070390 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077211710 5 bytes JMP 00000001000702e0 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077211760 5 bytes JMP 0000000100070440 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211790 5 bytes JMP 
00000001000702d0 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772117b0 5 bytes JMP 0000000100070310 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772117f0 5 bytes JMP 00000001000703c0 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077211840 5 bytes JMP 00000001000703f0 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772119a0 1 byte JMP 0000000100070230 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000772119a2 3 bytes {JMP 0xffffffff88e5e890} .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b60 5 bytes JMP 0000000100070490 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b90 5 bytes JMP 00000001000703a0 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c70 5 bytes JMP 00000001000702f0 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c80 5 bytes JMP 0000000100070350 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211ce0 5 bytes JMP 0000000100070290 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d70 5 bytes JMP 00000001000702b0 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d90 5 bytes JMP 00000001000703d0 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211da0 1 byte JMP 0000000100070330 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077211da2 3 bytes {JMP 0xffffffff88e5e590} .text 
C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211e10 5 bytes JMP 0000000100070410 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211e40 5 bytes JMP 0000000100070240 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077212100 5 bytes JMP 00000001000701e0 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772121c0 1 byte JMP 0000000100070250 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000772121c2 3 bytes {JMP 0xffffffff88e5e090} .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772121f0 5 bytes JMP 00000001000704a0 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077212200 5 bytes JMP 00000001000704b0 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077212230 5 bytes JMP 0000000100070300 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077212240 5 bytes JMP 0000000100070360 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772122a0 5 bytes JMP 00000001000702a0 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772122f0 5 bytes JMP 00000001000702c0 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077212320 5 bytes JMP 0000000100070380 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077212330 5 bytes JMP 0000000100070340 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077212620 5 bytes JMP 0000000100070450 .text C:\windows\system32\svchost.exe[1356] 
C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077212820 5 bytes JMP 0000000100070260 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077212830 5 bytes JMP 0000000100070270 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077212840 5 bytes JMP 0000000100070400 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077212a00 5 bytes JMP 00000001000701f0 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077212a10 5 bytes JMP 0000000100070210 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a80 5 bytes JMP 0000000100070200 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212ae0 5 bytes JMP 0000000100070420 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212af0 5 bytes JMP 0000000100070430 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212b00 5 bytes JMP 0000000100070220 .text C:\windows\system32\svchost.exe[1356] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212be0 5 bytes JMP 0000000100070280 .text C:\windows\system32\svchost.exe[1356] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d8eecd 1 byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772113c0 5 bytes JMP 0000000077370470 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077211410 5 bytes JMP 0000000077370460 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211570 5 bytes JMP 0000000077370370 .text C:\Program Files\WIDCOMM\Bluetooth 
Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772115c0 5 bytes JMP 0000000077370480 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772115d0 5 bytes JMP 00000000773703e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211680 5 bytes JMP 0000000077370320 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772116b0 5 bytes JMP 00000000773703b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772116d0 5 bytes JMP 0000000077370390 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077211710 5 bytes JMP 00000000773702e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077211760 5 bytes JMP 0000000077370440 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211790 5 bytes JMP 00000000773702d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772117b0 5 bytes JMP 0000000077370310 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772117f0 5 bytes JMP 00000000773703c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077211840 5 bytes JMP 00000000773703f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772119a0 1 byte JMP 0000000077370230 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] 
C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000772119a2 3 bytes {JMP 0x15e890} .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b60 5 bytes JMP 0000000077370490 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b90 5 bytes JMP 00000000773703a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c70 5 bytes JMP 00000000773702f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c80 5 bytes JMP 0000000077370350 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211ce0 5 bytes JMP 0000000077370290 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d70 5 bytes JMP 00000000773702b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d90 5 bytes JMP 00000000773703d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211da0 1 byte JMP 0000000077370330 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077211da2 3 bytes {JMP 0x15e590} .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211e10 5 bytes JMP 0000000077370410 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211e40 5 bytes JMP 0000000077370240 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 
0000000077212100 5 bytes JMP 00000000773701e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772121c0 1 byte JMP 0000000077370250 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000772121c2 3 bytes {JMP 0x15e090} .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772121f0 5 bytes JMP 00000000773704a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077212200 5 bytes JMP 00000000773704b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077212230 5 bytes JMP 0000000077370300 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077212240 5 bytes JMP 0000000077370360 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772122a0 5 bytes JMP 00000000773702a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772122f0 5 bytes JMP 00000000773702c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077212320 5 bytes JMP 0000000077370380 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077212330 5 bytes JMP 0000000077370340 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077212620 5 bytes JMP 0000000077370450 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077212820 5 bytes JMP 0000000077370260 .text C:\Program 
Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077212830 5 bytes JMP 0000000077370270 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077212840 5 bytes JMP 0000000077370400 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077212a00 5 bytes JMP 00000000773701f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077212a10 5 bytes JMP 0000000077370210 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a80 5 bytes JMP 0000000077370200 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212ae0 5 bytes JMP 0000000077370420 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212af0 5 bytes JMP 0000000077370430 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212b00 5 bytes JMP 0000000077370220 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212be0 5 bytes JMP 0000000077370280 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1776] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d8eecd 1 byte [62] .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772113c0 5 bytes JMP 0000000077370470 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077211410 5 bytes JMP 0000000077370460 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211570 5 bytes JMP 
0000000077370370 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772115c0 5 bytes JMP 0000000077370480 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772115d0 5 bytes JMP 00000000773703e0 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211680 5 bytes JMP 0000000077370320 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772116b0 5 bytes JMP 00000000773703b0 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772116d0 5 bytes JMP 0000000077370390 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077211710 5 bytes JMP 00000000773702e0 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077211760 5 bytes JMP 0000000077370440 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211790 5 bytes JMP 00000000773702d0 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772117b0 5 bytes JMP 0000000077370310 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772117f0 5 bytes JMP 00000000773703c0 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077211840 5 bytes JMP 00000000773703f0 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772119a0 1 byte JMP 0000000077370230 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000772119a2 3 bytes {JMP 0x15e890} .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b60 5 bytes JMP 0000000077370490 .text C:\windows\system32\svchost.exe[1908] 
C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b90 5 bytes JMP 00000000773703a0 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c70 5 bytes JMP 00000000773702f0 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c80 5 bytes JMP 0000000077370350 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211ce0 5 bytes JMP 0000000077370290 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d70 5 bytes JMP 00000000773702b0 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d90 5 bytes JMP 00000000773703d0 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211da0 1 byte JMP 0000000077370330 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077211da2 3 bytes {JMP 0x15e590} .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211e10 5 bytes JMP 0000000077370410 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211e40 5 bytes JMP 0000000077370240 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077212100 5 bytes JMP 00000000773701e0 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772121c0 1 byte JMP 0000000077370250 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000772121c2 3 bytes {JMP 0x15e090} .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772121f0 5 bytes JMP 00000000773704a0 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077212200 5 
bytes JMP 00000000773704b0 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077212230 5 bytes JMP 0000000077370300 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077212240 5 bytes JMP 0000000077370360 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772122a0 5 bytes JMP 00000000773702a0 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772122f0 5 bytes JMP 00000000773702c0 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077212320 5 bytes JMP 0000000077370380 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077212330 5 bytes JMP 0000000077370340 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077212620 5 bytes JMP 0000000077370450 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077212820 5 bytes JMP 0000000077370260 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077212830 5 bytes JMP 0000000077370270 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077212840 5 bytes JMP 0000000077370400 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077212a00 5 bytes JMP 00000000773701f0 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077212a10 5 bytes JMP 0000000077370210 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a80 5 bytes JMP 0000000077370200 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212ae0 5 bytes JMP 0000000077370420 .text C:\windows\system32\svchost.exe[1908] 
C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212af0 5 bytes JMP 0000000077370430 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212b00 5 bytes JMP 0000000077370220 .text C:\windows\system32\svchost.exe[1908] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212be0 5 bytes JMP 0000000077370280 .text C:\windows\system32\taskhost.exe[2956] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d8eecd 1 byte [62] .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772113c0 5 bytes JMP 0000000077370470 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077211410 5 bytes JMP 0000000077370460 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211570 5 bytes JMP 0000000077370370 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772115c0 5 bytes JMP 0000000077370480 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772115d0 5 bytes JMP 00000000773703e0 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211680 5 bytes JMP 0000000077370320 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772116b0 5 bytes JMP 00000000773703b0 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772116d0 5 bytes JMP 0000000077370390 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077211710 5 bytes JMP 00000000773702e0 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077211760 5 bytes JMP 0000000077370440 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211790 5 bytes JMP 00000000773702d0 .text 
C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772117b0 5 bytes JMP 0000000077370310 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772117f0 5 bytes JMP 00000000773703c0 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077211840 5 bytes JMP 00000000773703f0 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772119a0 1 byte JMP 0000000077370230 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000772119a2 3 bytes {JMP 0x15e890} .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b60 5 bytes JMP 0000000077370490 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b90 5 bytes JMP 00000000773703a0 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c70 5 bytes JMP 00000000773702f0 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c80 5 bytes JMP 0000000077370350 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211ce0 5 bytes JMP 0000000077370290 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d70 5 bytes JMP 00000000773702b0 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d90 5 bytes JMP 00000000773703d0 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211da0 1 byte JMP 0000000077370330 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077211da2 3 bytes {JMP 0x15e590} .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211e10 5 bytes JMP 0000000077370410 
.text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211e40 5 bytes JMP 0000000077370240 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077212100 5 bytes JMP 00000000773701e0 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772121c0 1 byte JMP 0000000077370250 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000772121c2 3 bytes {JMP 0x15e090} .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772121f0 5 bytes JMP 00000000773704a0 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077212200 5 bytes JMP 00000000773704b0 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077212230 5 bytes JMP 0000000077370300 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077212240 5 bytes JMP 0000000077370360 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772122a0 5 bytes JMP 00000000773702a0 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772122f0 5 bytes JMP 00000000773702c0 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077212320 5 bytes JMP 0000000077370380 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077212330 5 bytes JMP 0000000077370340 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077212620 5 bytes JMP 0000000077370450 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077212820 5 bytes JMP 0000000077370260 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077212830 5 bytes JMP 0000000077370270 .text 
C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077212840 5 bytes JMP 0000000077370400 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077212a00 5 bytes JMP 00000000773701f0 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077212a10 5 bytes JMP 0000000077370210 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a80 5 bytes JMP 0000000077370200 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212ae0 5 bytes JMP 0000000077370420 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212af0 5 bytes JMP 0000000077370430 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212b00 5 bytes JMP 0000000077370220 .text C:\windows\system32\Dwm.exe[3020] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212be0 5 bytes JMP 0000000077370280 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772113c0 5 bytes JMP 0000000077370470 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077211410 5 bytes JMP 0000000077370460 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211570 5 bytes JMP 0000000077370370 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772115c0 5 bytes JMP 0000000077370480 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772115d0 5 bytes JMP 00000000773703e0 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211680 5 bytes JMP 0000000077370320 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772116b0 5 bytes JMP 00000000773703b0 .text 
C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772116d0 5 bytes JMP 0000000077370390 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077211710 5 bytes JMP 00000000773702e0 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077211760 5 bytes JMP 0000000077370440 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211790 5 bytes JMP 00000000773702d0 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772117b0 5 bytes JMP 0000000077370310 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772117f0 5 bytes JMP 00000000773703c0 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077211840 5 bytes JMP 00000000773703f0 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772119a0 1 byte JMP 0000000077370230 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000772119a2 3 bytes {JMP 0x15e890} .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b60 5 bytes JMP 0000000077370490 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b90 5 bytes JMP 00000000773703a0 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c70 5 bytes JMP 00000000773702f0 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c80 5 bytes JMP 0000000077370350 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211ce0 5 bytes JMP 0000000077370290 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d70 5 bytes JMP 00000000773702b0 .text C:\windows\Explorer.EXE[3044] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d90 5 bytes JMP 00000000773703d0 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211da0 1 byte JMP 0000000077370330 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077211da2 3 bytes {JMP 0x15e590} .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211e10 5 bytes JMP 0000000077370410 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211e40 5 bytes JMP 0000000077370240 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077212100 5 bytes JMP 00000000773701e0 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772121c0 1 byte JMP 0000000077370250 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000772121c2 3 bytes {JMP 0x15e090} .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772121f0 5 bytes JMP 00000000773704a0 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077212200 5 bytes JMP 00000000773704b0 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077212230 5 bytes JMP 0000000077370300 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077212240 5 bytes JMP 0000000077370360 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772122a0 5 bytes JMP 00000000773702a0 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772122f0 5 bytes JMP 00000000773702c0 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077212320 5 bytes JMP 0000000077370380 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077212330 5 bytes JMP 
0000000077370340 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077212620 5 bytes JMP 0000000077370450 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077212820 5 bytes JMP 0000000077370260 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077212830 5 bytes JMP 0000000077370270 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077212840 5 bytes JMP 0000000077370400 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077212a00 5 bytes JMP 00000000773701f0 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077212a10 5 bytes JMP 0000000077370210 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a80 5 bytes JMP 0000000077370200 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212ae0 5 bytes JMP 0000000077370420 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212af0 5 bytes JMP 0000000077370430 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212b00 5 bytes JMP 0000000077370220 .text C:\windows\Explorer.EXE[3044] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212be0 5 bytes JMP 0000000077370280 .text C:\windows\Explorer.EXE[3044] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d8eecd 1 byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772113c0 5 bytes JMP 0000000077370470 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077211410 5 bytes JMP 0000000077370460 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211570 5 bytes JMP 0000000077370370 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772115c0 5 bytes JMP 0000000077370480 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772115d0 5 bytes JMP 00000000773703e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211680 5 bytes JMP 0000000077370320 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772116b0 5 bytes JMP 00000000773703b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772116d0 5 bytes JMP 0000000077370390 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077211710 5 bytes JMP 00000000773702e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077211760 5 bytes JMP 0000000077370440 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211790 5 bytes JMP 00000000773702d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772117b0 5 bytes JMP 0000000077370310 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772117f0 5 bytes JMP 00000000773703c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077211840 5 bytes JMP 00000000773703f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772119a0 1 byte JMP 
0000000077370230 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000772119a2 3 bytes {JMP 0x15e890} .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b60 5 bytes JMP 0000000077370490 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b90 5 bytes JMP 00000000773703a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c70 5 bytes JMP 00000000773702f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c80 5 bytes JMP 0000000077370350 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211ce0 5 bytes JMP 0000000077370290 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d70 5 bytes JMP 00000000773702b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d90 5 bytes JMP 00000000773703d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211da0 1 byte JMP 0000000077370330 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077211da2 3 bytes {JMP 0x15e590} .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211e10 5 bytes JMP 0000000077370410 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211e40 5 bytes JMP 0000000077370240 .text C:\Program Files\WIDCOMM\Bluetooth 
Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077212100 5 bytes JMP 00000000773701e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772121c0 1 byte JMP 0000000077370250 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000772121c2 3 bytes {JMP 0x15e090} .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772121f0 5 bytes JMP 00000000773704a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077212200 5 bytes JMP 00000000773704b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077212230 5 bytes JMP 0000000077370300 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077212240 5 bytes JMP 0000000077370360 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772122a0 5 bytes JMP 00000000773702a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772122f0 5 bytes JMP 00000000773702c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077212320 5 bytes JMP 0000000077370380 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077212330 5 bytes JMP 0000000077370340 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077212620 5 bytes JMP 0000000077370450 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 
0000000077212820 5 bytes JMP 0000000077370260 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077212830 5 bytes JMP 0000000077370270 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077212840 5 bytes JMP 0000000077370400 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077212a00 5 bytes JMP 00000000773701f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077212a10 5 bytes JMP 0000000077370210 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a80 5 bytes JMP 0000000077370200 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212ae0 5 bytes JMP 0000000077370420 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212af0 5 bytes JMP 0000000077370430 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212b00 5 bytes JMP 0000000077370220 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212be0 5 bytes JMP 0000000077370280 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d8eecd 1 byte [62] .text C:\Program Files (x86)\ASUS\USBChargeSetting\iSeriesCharge.exe[3252] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007665a30a 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3412] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007665a30a 1 byte [62] .text C:\Program Files\WIDCOMM\Bluetooth 
Software\BtStackServer.exe[3472] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d8eecd 1 byte [62] .text C:\windows\SysWOW64\RunDll32.exe[3964] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076771465 2 bytes [77, 76] .text C:\windows\SysWOW64\RunDll32.exe[3964] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767714bb 2 bytes [77, 76] .text ... * 2 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772113c0 5 bytes JMP 0000000077370470 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077211410 5 bytes JMP 0000000077370460 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077211570 5 bytes JMP 0000000077370370 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772115c0 5 bytes JMP 0000000077370480 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772115d0 5 bytes JMP 00000000773703e0 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077211680 5 bytes JMP 0000000077370320 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772116b0 5 bytes JMP 00000000773703b0 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772116d0 5 bytes JMP 0000000077370390 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077211710 5 bytes JMP 00000000773702e0 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077211760 5 bytes JMP 0000000077370440 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077211790 5 bytes JMP 00000000773702d0 .text 
C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772117b0 5 bytes JMP 0000000077370310 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772117f0 5 bytes JMP 00000000773703c0 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077211840 5 bytes JMP 00000000773703f0 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772119a0 1 byte JMP 0000000077370230 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000772119a2 3 bytes {JMP 0x15e890} .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077211b60 5 bytes JMP 0000000077370490 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077211b90 5 bytes JMP 00000000773703a0 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077211c70 5 bytes JMP 00000000773702f0 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077211c80 5 bytes JMP 0000000077370350 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077211ce0 5 bytes JMP 0000000077370290 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077211d70 5 bytes JMP 00000000773702b0 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077211d90 5 bytes JMP 00000000773703d0 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077211da0 1 byte JMP 0000000077370330 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077211da2 3 bytes {JMP 
0x15e590} .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077211e10 5 bytes JMP 0000000077370410 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077211e40 5 bytes JMP 0000000077370240 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077212100 5 bytes JMP 00000000773701e0 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772121c0 1 byte JMP 0000000077370250 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000772121c2 3 bytes {JMP 0x15e090} .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772121f0 5 bytes JMP 00000000773704a0 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077212200 5 bytes JMP 00000000773704b0 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077212230 5 bytes JMP 0000000077370300 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077212240 5 bytes JMP 0000000077370360 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772122a0 5 bytes JMP 00000000773702a0 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772122f0 5 bytes JMP 00000000773702c0 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077212320 5 bytes JMP 0000000077370380 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077212330 5 bytes JMP 0000000077370340 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077212620 5 bytes JMP 
0000000077370450 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077212820 5 bytes JMP 0000000077370260 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077212830 5 bytes JMP 0000000077370270 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077212840 5 bytes JMP 0000000077370400 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077212a00 5 bytes JMP 00000000773701f0 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077212a10 5 bytes JMP 0000000077370210 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077212a80 5 bytes JMP 0000000077370200 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077212ae0 5 bytes JMP 0000000077370420 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077212af0 5 bytes JMP 0000000077370430 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077212b00 5 bytes JMP 0000000077370220 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077212be0 5 bytes JMP 0000000077370280 .text C:\windows\system32\SearchIndexer.exe[4044] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d8eecd 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2832] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d8eecd 1 byte [62] .text C:\windows\system32\svchost.exe[3976] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d8eecd 1 byte [62] .text C:\Users\Borys\AppData\Local\Google\Chrome\Application\chrome.exe[2728] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 
000000007665a30a 1 byte [62] .text C:\Users\Borys\AppData\Local\Google\Chrome\Application\chrome.exe[2728] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076771465 2 bytes [77, 76] .text C:\Users\Borys\AppData\Local\Google\Chrome\Application\chrome.exe[2728] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767714bb 2 bytes [77, 76] .text ... * 2 .text C:\windows\SysWOW64\ntdll.dll[3384] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007665a30a 1 byte [62] .text C:\windows\system32\AUDIODG.EXE[2500] C:\windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076d8eecd 1 byte [62] .text C:\Users\Borys\Downloads\9qk43epn.exe[4932] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007665a30a 1 byte [62] ---- Threads - GMER 2.1 ---- Thread C:\windows\system32\svchost.exe [784:828] 000007fefc8c332c Thread C:\windows\system32\svchost.exe [784:832] 000007fefc8c10b0 Thread C:\windows\System32\svchost.exe [336:4672] 000007fef3378a4c Thread C:\windows\System32\svchost.exe [336:4184] 000007fef9e288f8 Thread C:\windows\System32\svchost.exe [336:2464] 000007fef827a2b0 Thread C:\windows\system32\svchost.exe [364:1532] 000007fefa2d1e00 Thread C:\windows\system32\svchost.exe [364:1536] 000007fefa221a50 Thread C:\windows\system32\svchost.exe [364:1840] 000007fefd0c1a70 Thread C:\windows\system32\svchost.exe [364:1980] 000007fefd0c1a70 Thread C:\windows\system32\svchost.exe [364:2344] 000007fef94017f8 Thread C:\windows\system32\svchost.exe [364:3844] 000007fefbbf506c Thread C:\windows\system32\svchost.exe [364:3856] 000007fef8351c20 Thread C:\windows\system32\svchost.exe [364:3860] 000007fef8351c20 Thread C:\windows\system32\svchost.exe [364:1932] 000007fef2dd1ab0 Thread C:\windows\system32\svchost.exe [364:4156] 000007fef54c4164 Thread C:\windows\system32\svchost.exe [1104:1200] 000007fefaf78274 Thread C:\windows\system32\svchost.exe [1104:2920] 000007fefaf78274 Thread C:\windows\system32\svchost.exe [1356:1600] 
000007fefd0c1a70 Thread C:\windows\system32\svchost.exe [1356:1608] 000007fefd0c1a70 Thread C:\windows\system32\svchost.exe [1356:1620] 000007fefd0c1a70 Thread C:\windows\system32\svchost.exe [1356:1628] 000007fefa0a2c70 Thread C:\windows\system32\svchost.exe [1356:1640] 000007fefa0afb40 Thread C:\windows\system32\svchost.exe [1356:1656] 000007fefa0c1d20 Thread C:\windows\system32\svchost.exe [1356:1660] 000007fefa0af6f0 Thread C:\windows\system32\svchost.exe [1356:1852] 000007fef9f735c0 Thread C:\windows\system32\svchost.exe [1356:2164] 000007fef9f75600 Thread C:\windows\system32\svchost.exe [1356:2232] 000007fef8512940 Thread C:\windows\system32\svchost.exe [1356:2952] 000007fefb052888 Thread C:\windows\system32\svchost.exe [1356:4452] 000007fefb052a40 Thread C:\windows\System32\spoolsv.exe [1556:148] 000007fef2f910c8 Thread C:\windows\System32\spoolsv.exe [1556:3728] 000007fef3c56144 Thread C:\windows\System32\spoolsv.exe [1556:3716] 000007fefb625fd0 Thread C:\windows\System32\spoolsv.exe [1556:1664] 000007fef2f73438 Thread C:\windows\System32\spoolsv.exe [1556:3680] 000007fefb6263ec Thread C:\windows\System32\spoolsv.exe [1556:3832] 000007fef55a5e5c Thread C:\windows\System32\spoolsv.exe [1556:3756] 000007fef3095074 Thread C:\windows\system32\svchost.exe [1908:2892] 000007fef95544e0 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2832:4500] 000007fef7442a7c Thread C:\windows\System32\svchost.exe [4328:5072] 000007fef8139688 Thread C:\windows\SysWOW64\ntdll.dll [3384:2504] 000000000039f860 Thread C:\windows\SysWOW64\ntdll.dll [3384:4864] 000000000034f4cf Thread C:\windows\SysWOW64\ntdll.dll [3384:4680] 000000000034f4cf ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{12744C8E-299B-4A0A-A988-02E27FBD4583}\Connection@Name Po??czenie lokalne* 22 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2 Reg 
HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! 
mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! 
Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 28 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 296961 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition1\windows Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 5 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1 Reg 
HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 10 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\avast! 
Antivirus@Type 32 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Instaluje i zarządza usługami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantannę oraz harmonogram zadań. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68cedd9d Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68cedd9d@b0ee450e3979 0x04 0xD1 0x0B 0x58 ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06de5bedf Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 7629 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 6819 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{2AD1399F-1439-48F2-80D7-BDDD5EE680CF}@LeaseObtainedTime 1363856407 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{2AD1399F-1439-48F2-80D7-BDDD5EE680CF}@T1 1363858207 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{2AD1399F-1439-48F2-80D7-BDDD5EE680CF}@T2 1363859557 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{2AD1399F-1439-48F2-80D7-BDDD5EE680CF}@LeaseTerminatesTime 1363860007 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! 
mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! 
mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! 
Revert Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 28 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 296961 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition1\windows Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 5 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! 
Self Protection Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 10 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 3 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! 
Antivirus Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Instaluje i zarządza usługami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantannę oraz harmonogram zadań. Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68cedd9d (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68cedd9d@b0ee450e3979 0x04 0xD1 0x0B 0x58 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06de5bedf (not active ControlSet) ---- EOF - GMER 2.1 ----