GMER 2.1.19155 - http://www.gmer.net Rootkit scan 2013-04-02 23:27:41 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AK1 298,09GB Running: m3j0juz6.exe; Driver: C:\Users\root\AppData\Local\Temp\kfldqaoc.sys ---- User code sections - GMER 2.1 ---- .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778413c0 8 bytes JMP 000000016fff00d8 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778415c0 8 bytes JMP 000000016fff0110 .text C:\windows\system32\csrss.exe[480] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b60 8 bytes JMP 000000016fff0148 .text C:\windows\system32\services.exe[620] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077813ae0 5 bytes JMP 000000016fff0110 .text C:\windows\system32\services.exe[620] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077817a90 5 bytes JMP 000000016fff05e0 .text C:\windows\system32\services.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077841400 8 bytes JMP 000000016fff00d8 .text C:\windows\system32\services.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778415d0 8 bytes JMP 000000016fff0308 .text C:\windows\system32\services.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077841640 8 bytes JMP 000000016fff0490 .text C:\windows\system32\services.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841680 8 bytes JMP 000000016fff0420 .text C:\windows\system32\services.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077841720 8 bytes JMP 000000016fff04c8 .text C:\windows\system32\services.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778417b0 8 bytes JMP 000000016fff03e8 .text C:\windows\system32\services.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778417f0 8 bytes JMP 000000016fff0228 .text C:\windows\system32\services.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077841840 8 bytes JMP 000000016fff0260 .text C:\windows\system32\services.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077841860 8 bytes JMP 000000016fff0458 .text C:\windows\system32\services.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077841a50 8 bytes JMP 000000016fff05a8 .text C:\windows\system32\services.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b60 1 byte JMP 000000016fff01f0 .text C:\windows\system32\services.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 0000000077841b62 6 bytes {JMP 0xfffffffff87ae690} .text C:\windows\system32\services.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077841c30 8 bytes JMP 000000016fff0340 .text C:\windows\system32\services.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077841d80 8 bytes JMP 000000016fff0500 .text C:\windows\system32\services.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d90 8 bytes JMP 000000016fff0570 .text C:\windows\system32\services.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077842100 8 bytes JMP 000000016fff0378 .text C:\windows\system32\services.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077842190 8 bytes JMP 000000016fff0538 .text C:\windows\system32\services.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077842a00 8 bytes JMP 000000016fff03b0 .text C:\windows\system32\services.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a80 8 bytes JMP 000000016fff0298 .text C:\windows\system32\services.exe[620] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842b00 8 bytes JMP 000000016fff02d0 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077813ae0 5 bytes JMP 000000016fff0110 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077817a90 5 bytes JMP 000000016fff05e0 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077841400 8 bytes JMP 000000016fff00d8 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778415d0 8 bytes JMP 000000016fff0308 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077841640 8 bytes JMP 000000016fff0490 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841680 8 bytes JMP 000000016fff0420 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077841720 8 bytes JMP 000000016fff04c8 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778417b0 8 bytes JMP 000000016fff03e8 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778417f0 8 bytes JMP 000000016fff0228 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077841840 8 bytes JMP 000000016fff0260 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077841860 8 bytes JMP 000000016fff0458 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077841a50 8 bytes JMP 000000016fff05a8 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b60 1 byte JMP 000000016fff01f0 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 0000000077841b62 6 bytes {JMP 0xfffffffff87ae690} .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077841c30 8 bytes JMP 000000016fff0340 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077841d80 8 bytes JMP 000000016fff0500 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d90 8 bytes JMP 000000016fff0570 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077842100 8 bytes JMP 000000016fff0378 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077842190 8 bytes JMP 000000016fff0538 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077842a00 8 bytes JMP 000000016fff03b0 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a80 8 bytes JMP 000000016fff0298 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842b00 8 bytes JMP 000000016fff02d0 .text C:\windows\system32\lsass.exe[672] C:\windows\system32\GDI32.dll!DeleteDC 000007fefe7522cc 5 bytes JMP 000007fffdc20260 .text C:\windows\system32\lsass.exe[672] C:\windows\system32\GDI32.dll!CreateDCW 000007fefe758398 9 bytes JMP 000007fffdc201f0 .text C:\windows\system32\lsass.exe[672] C:\windows\system32\GDI32.dll!CreateDCA 000007fefe7589c8 9 bytes JMP 000007fffdc201b8 .text C:\windows\system32\lsass.exe[672] C:\windows\system32\GDI32.dll!GetPixel 000007fefe759344 5 bytes JMP 000007fffdc20228 .text C:\windows\system32\lsass.exe[672] C:\windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007feff7ca1a0 7 bytes JMP 000007fffdc20180 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077813ae0 5 bytes JMP 000000016fff0110 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077817a90 5 bytes JMP 000000016fff05e0 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077841400 8 bytes JMP 000000016fff00d8 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778415d0 8 bytes JMP 000000016fff0308 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077841640 8 bytes JMP 000000016fff0490 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841680 8 bytes JMP 000000016fff0420 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077841720 8 bytes JMP 000000016fff04c8 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778417b0 8 bytes JMP 000000016fff03e8 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778417f0 8 bytes JMP 000000016fff0228 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077841840 8 bytes JMP 000000016fff0260 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077841860 8 bytes JMP 000000016fff0458 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077841a50 8 bytes JMP 000000016fff05a8 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b60 1 byte JMP 000000016fff01f0 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 0000000077841b62 6 bytes {JMP 0xfffffffff87ae690} .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077841c30 8 bytes JMP 000000016fff0340 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077841d80 8 bytes JMP 000000016fff0500 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d90 8 bytes JMP 000000016fff0570 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077842100 8 bytes JMP 000000016fff0378 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077842190 8 bytes JMP 000000016fff0538 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077842a00 8 bytes JMP 000000016fff03b0 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a80 8 bytes JMP 000000016fff0298 .text C:\windows\system32\svchost.exe[788] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842b00 8 bytes JMP 000000016fff02d0 .text C:\windows\system32\svchost.exe[788] C:\windows\system32\kernel32.dll!CreateProcessAsUserW 000000007732a420 12 bytes JMP 000000016fff01b8 .text C:\windows\system32\svchost.exe[788] C:\windows\system32\kernel32.dll!CreateProcessW 0000000077341b50 12 bytes JMP 000000016fff0148 .text C:\windows\system32\svchost.exe[788] C:\windows\system32\kernel32.dll!CreateProcessA 00000000773b8810 7 bytes JMP 000000016fff0180 .text C:\windows\system32\svchost.exe[992] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077813ae0 5 bytes JMP 000000016fff0110 .text C:\windows\system32\svchost.exe[992] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077817a90 5 bytes JMP 000000016fff05e0 .text C:\windows\system32\svchost.exe[992] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077841400 8 bytes JMP 000000016fff00d8 .text C:\windows\system32\svchost.exe[992] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778415d0 8 bytes JMP 000000016fff0308 .text C:\windows\system32\svchost.exe[992] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077841640 8 bytes JMP 000000016fff0490 .text C:\windows\system32\svchost.exe[992] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841680 8 bytes JMP 000000016fff0420 .text C:\windows\system32\svchost.exe[992] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077841720 8 bytes JMP 000000016fff04c8 .text C:\windows\system32\svchost.exe[992] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778417b0 8 bytes JMP 000000016fff03e8 .text C:\windows\system32\svchost.exe[992] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778417f0 8 bytes JMP 000000016fff0228 .text C:\windows\system32\svchost.exe[992] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077841840 8 bytes JMP 000000016fff0260 .text C:\windows\system32\svchost.exe[992] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077841860 8 bytes JMP 000000016fff0458 .text C:\windows\system32\svchost.exe[992] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077841a50 8 bytes JMP 000000016fff05a8 .text C:\windows\system32\svchost.exe[992] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b60 1 byte JMP 000000016fff01f0 .text C:\windows\system32\svchost.exe[992] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 0000000077841b62 6 bytes {JMP 0xfffffffff87ae690} .text C:\windows\system32\svchost.exe[992] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077841c30 8 bytes JMP 000000016fff0340 .text C:\windows\system32\svchost.exe[992] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077841d80 8 bytes JMP 000000016fff0500 .text C:\windows\system32\svchost.exe[992] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d90 8 bytes JMP 000000016fff0570 .text C:\windows\system32\svchost.exe[992] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077842100 8 bytes JMP 000000016fff0378 .text C:\windows\system32\svchost.exe[992] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077842190 8 bytes JMP 000000016fff0538 .text C:\windows\system32\svchost.exe[992] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077842a00 8 bytes JMP 000000016fff03b0 .text C:\windows\system32\svchost.exe[992] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a80 8 bytes JMP 000000016fff0298 .text C:\windows\system32\svchost.exe[992] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842b00 8 bytes JMP 000000016fff02d0 .text C:\windows\system32\svchost.exe[992] C:\windows\system32\kernel32.dll!CreateProcessAsUserW 000000007732a420 12 bytes JMP 000000016fff01b8 .text C:\windows\system32\svchost.exe[992] C:\windows\system32\kernel32.dll!CreateProcessW 0000000077341b50 12 bytes JMP 000000016fff0148 .text C:\windows\system32\svchost.exe[992] C:\windows\system32\kernel32.dll!CreateProcessA 00000000773b8810 7 bytes JMP 000000016fff0180 .text C:\windows\system32\svchost.exe[992] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdfc5290 7 bytes JMP 000007fffdc20148 .text C:\windows\system32\svchost.exe[992] C:\windows\system32\GDI32.dll!DeleteDC 000007fefe7522cc 5 bytes JMP 000007fffdc20260 .text C:\windows\system32\svchost.exe[992] C:\windows\system32\GDI32.dll!CreateDCW 000007fefe758398 9 bytes JMP 000007fffdc201f0 .text C:\windows\system32\svchost.exe[992] C:\windows\system32\GDI32.dll!CreateDCA 000007fefe7589c8 9 bytes JMP 000007fffdc201b8 .text C:\windows\system32\svchost.exe[992] C:\windows\system32\GDI32.dll!GetPixel 000007fefe759344 5 bytes JMP 000007fffdc20228 .text C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077813ae0 5 bytes JMP 000000016fff0110 .text C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077817a90 5 bytes JMP 000000016fff05e0 .text C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077841400 8 bytes JMP 000000016fff00d8 .text C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778415d0 8 bytes JMP 000000016fff0308 .text C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077841640 8 bytes JMP 000000016fff0490 .text C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841680 8 bytes JMP 000000016fff0420 .text C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077841720 8 bytes JMP 000000016fff04c8 .text C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778417b0 8 bytes JMP 000000016fff03e8 .text C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778417f0 8 bytes JMP 000000016fff0228 .text C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077841840 8 bytes JMP 000000016fff0260 .text C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077841860 8 bytes JMP 000000016fff0458 .text C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077841a50 8 bytes JMP 000000016fff05a8 .text C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b60 1 byte JMP 000000016fff01f0 .text C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 0000000077841b62 6 bytes {JMP 0xfffffffff87ae690} .text C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077841c30 8 bytes JMP 000000016fff0340 .text C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077841d80 8 bytes JMP 000000016fff0500 .text C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d90 8 bytes JMP 000000016fff0570 .text C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077842100 8 bytes JMP 000000016fff0378 .text C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077842190 8 bytes JMP 000000016fff0538 .text C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077842a00 8 bytes JMP 000000016fff03b0 .text C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a80 8 bytes JMP 000000016fff0298 .text C:\windows\System32\svchost.exe[496] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842b00 8 bytes JMP 000000016fff02d0 .text C:\windows\System32\svchost.exe[496] C:\windows\system32\kernel32.dll!CreateProcessAsUserW 000000007732a420 12 bytes JMP 000000016fff01b8 .text C:\windows\System32\svchost.exe[496] C:\windows\system32\kernel32.dll!CreateProcessW 0000000077341b50 12 bytes JMP 000000016fff0148 .text C:\windows\System32\svchost.exe[496] C:\windows\system32\kernel32.dll!CreateProcessA 00000000773b8810 7 bytes JMP 000000016fff0180 .text C:\windows\System32\svchost.exe[496] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdfc5290 7 bytes JMP 000007fffdc20148 .text C:\windows\System32\svchost.exe[496] C:\windows\system32\GDI32.dll!DeleteDC 000007fefe7522cc 5 bytes JMP 000007fffdc20260 .text C:\windows\System32\svchost.exe[496] C:\windows\system32\GDI32.dll!CreateDCW 000007fefe758398 9 bytes JMP 000007fffdc201f0 .text C:\windows\System32\svchost.exe[496] C:\windows\system32\GDI32.dll!CreateDCA 000007fefe7589c8 9 bytes JMP 000007fffdc201b8 .text C:\windows\System32\svchost.exe[496] C:\windows\system32\GDI32.dll!GetPixel 000007fefe759344 5 bytes JMP 000007fffdc20228 .text C:\windows\System32\svchost.exe[496] C:\windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007feff7ca1a0 7 bytes JMP 000007fffdc20180 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077813ae0 5 bytes JMP 000000016fff0110 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077817a90 5 bytes JMP 000000016fff05e0 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077841400 8 bytes JMP 000000016fff00d8 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778415d0 8 bytes JMP 000000016fff0308 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077841640 8 bytes JMP 000000016fff0490 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841680 8 bytes JMP 000000016fff0420 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077841720 8 bytes JMP 000000016fff04c8 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778417b0 8 bytes JMP 000000016fff03e8 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778417f0 8 bytes JMP 000000016fff0228 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077841840 8 bytes JMP 000000016fff0260 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077841860 8 bytes JMP 000000016fff0458 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077841a50 8 bytes JMP 000000016fff05a8 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b60 1 byte JMP 000000016fff01f0 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 0000000077841b62 6 bytes {JMP 0xfffffffff87ae690} .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077841c30 8 bytes JMP 000000016fff0340 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077841d80 8 bytes JMP 000000016fff0500 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d90 8 bytes JMP 000000016fff0570 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077842100 8 bytes JMP 000000016fff0378 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077842190 8 bytes JMP 000000016fff0538 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077842a00 8 bytes JMP 000000016fff03b0 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a80 8 bytes JMP 000000016fff0298 .text C:\windows\System32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842b00 8 bytes JMP 000000016fff02d0 .text C:\windows\System32\svchost.exe[564] C:\windows\system32\kernel32.dll!CreateProcessAsUserW 000000007732a420 12 bytes JMP 000000016fff01b8 .text C:\windows\System32\svchost.exe[564] C:\windows\system32\kernel32.dll!CreateProcessW 0000000077341b50 12 bytes JMP 000000016fff0148 .text C:\windows\System32\svchost.exe[564] C:\windows\system32\kernel32.dll!CreateProcessA 00000000773b8810 7 bytes JMP 000000016fff0180 .text C:\windows\System32\svchost.exe[564] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdfc5290 7 bytes JMP 000007fffdc20148 .text C:\windows\System32\svchost.exe[564] C:\windows\system32\GDI32.dll!DeleteDC 000007fefe7522cc 5 bytes JMP 000007fffdc20260 .text C:\windows\System32\svchost.exe[564] C:\windows\system32\GDI32.dll!CreateDCW 000007fefe758398 9 bytes JMP 000007fffdc201f0 .text C:\windows\System32\svchost.exe[564] C:\windows\system32\GDI32.dll!CreateDCA 000007fefe7589c8 9 bytes JMP 000007fffdc201b8 .text C:\windows\System32\svchost.exe[564] C:\windows\system32\GDI32.dll!GetPixel 000007fefe759344 5 bytes JMP 000007fffdc20228 .text C:\windows\System32\svchost.exe[564] C:\windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007feff7ca1a0 7 bytes JMP 000007fffdc20180 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077813ae0 5 bytes JMP 000000016fff0110 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077817a90 5 bytes JMP 000000016fff05e0 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077841400 8 bytes JMP 000000016fff00d8 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778415d0 8 bytes JMP 000000016fff0308 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077841640 8 bytes JMP 000000016fff0490 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841680 8 bytes JMP 000000016fff0420 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077841720 8 bytes JMP 000000016fff04c8 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778417b0 8 bytes JMP 000000016fff03e8 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778417f0 8 bytes JMP 000000016fff0228 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077841840 8 bytes JMP 000000016fff0260 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077841860 8 bytes JMP 000000016fff0458 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077841a50 8 bytes JMP 000000016fff05a8 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b60 1 byte JMP 000000016fff01f0 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 0000000077841b62 6 bytes {JMP 0xfffffffff87ae690} .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077841c30 8 bytes JMP 000000016fff0340 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077841d80 8 bytes JMP 000000016fff0500 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d90 8 bytes JMP 000000016fff0570 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077842100 8 bytes JMP 000000016fff0378 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077842190 8 bytes JMP 000000016fff0538 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077842a00 8 bytes JMP 000000016fff03b0 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a80 8 bytes JMP 000000016fff0298 .text C:\windows\system32\svchost.exe[676] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842b00 8 bytes JMP 000000016fff02d0 .text C:\windows\system32\svchost.exe[676] C:\windows\system32\kernel32.dll!CreateProcessAsUserW 000000007732a420 12 bytes JMP 000000016fff01b8 .text C:\windows\system32\svchost.exe[676] C:\windows\system32\kernel32.dll!CreateProcessW 0000000077341b50 12 bytes JMP 000000016fff0148 .text C:\windows\system32\svchost.exe[676] C:\windows\system32\kernel32.dll!CreateProcessA 00000000773b8810 7 bytes JMP 000000016fff0180 .text C:\windows\system32\svchost.exe[676] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdfc5290 7 bytes JMP 000007fffdc20148 .text C:\windows\system32\svchost.exe[676] C:\windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefe0e6bd0 5 bytes JMP 000007fffdc201b8 .text C:\windows\system32\svchost.exe[676] C:\windows\system32\GDI32.dll!DeleteDC 000007fefe7522cc 5 bytes JMP 000007fffdc20298 .text C:\windows\system32\svchost.exe[676] C:\windows\system32\GDI32.dll!CreateDCW 000007fefe758398 9 bytes JMP 000007fffdc20228 .text C:\windows\system32\svchost.exe[676] C:\windows\system32\GDI32.dll!CreateDCA 000007fefe7589c8 9 bytes JMP 000007fffdc201f0 .text C:\windows\system32\svchost.exe[676] C:\windows\system32\GDI32.dll!GetPixel 000007fefe759344 5 bytes JMP 000007fffdc20260 .text C:\windows\system32\svchost.exe[676] C:\windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007feff7ca1a0 7 bytes JMP 000007fffdc20180 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077813ae0 5 bytes JMP 000000016fff0110 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077817a90 5 bytes JMP 000000016fff05e0 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077841400 8 bytes JMP 000000016fff00d8 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778415d0 8 bytes JMP 000000016fff0308 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077841640 8 bytes JMP 000000016fff0490 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841680 8 bytes JMP 000000016fff0420 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077841720 8 bytes JMP 000000016fff04c8 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778417b0 8 bytes JMP 000000016fff03e8 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778417f0 8 bytes JMP 000000016fff0228 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077841840 8 bytes JMP 000000016fff0260 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077841860 8 bytes JMP 000000016fff0458 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077841a50 8 bytes JMP 000000016fff05a8 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b60 1 byte JMP 000000016fff01f0 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 0000000077841b62 6 bytes {JMP 0xfffffffff87ae690} .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077841c30 8 bytes JMP 000000016fff0340 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077841d80 8 bytes JMP 000000016fff0500 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d90 8 bytes JMP 000000016fff0570 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077842100 8 bytes JMP 000000016fff0378 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077842190 8 bytes JMP 000000016fff0538 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077842a00 8 bytes JMP 000000016fff03b0 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a80 8 bytes JMP 000000016fff0298 .text C:\windows\system32\svchost.exe[1260] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842b00 8 bytes JMP 000000016fff02d0 .text C:\windows\system32\svchost.exe[1260] C:\windows\system32\kernel32.dll!CreateProcessAsUserW 000000007732a420 12 bytes JMP 000000016fff01b8 .text C:\windows\system32\svchost.exe[1260] C:\windows\system32\kernel32.dll!CreateProcessW 0000000077341b50 12 bytes JMP 000000016fff0148 .text C:\windows\system32\svchost.exe[1260] C:\windows\system32\kernel32.dll!CreateProcessA 00000000773b8810 7 bytes JMP 000000016fff0180 .text C:\windows\system32\svchost.exe[1260] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdfc5290 7 bytes JMP 000007fffdc20148 .text C:\windows\system32\svchost.exe[1260] C:\windows\system32\GDI32.dll!DeleteDC 000007fefe7522cc 5 bytes JMP 000007fffdc20260 .text C:\windows\system32\svchost.exe[1260] C:\windows\system32\GDI32.dll!CreateDCW 000007fefe758398 9 bytes JMP 000007fffdc201f0 .text C:\windows\system32\svchost.exe[1260] C:\windows\system32\GDI32.dll!CreateDCA 000007fefe7589c8 9 bytes JMP 000007fffdc201b8 .text C:\windows\system32\svchost.exe[1260] C:\windows\system32\GDI32.dll!GetPixel 000007fefe759344 5 bytes JMP 000007fffdc20228 .text C:\windows\System32\spoolsv.exe[1656] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077813ae0 5 bytes JMP 000000016fff0110 .text C:\windows\System32\spoolsv.exe[1656] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077817a90 5 bytes JMP 000000016fff05e0 .text C:\windows\System32\spoolsv.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077841400 8 bytes JMP 000000016fff00d8 .text C:\windows\System32\spoolsv.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778415d0 8 bytes JMP 000000016fff0308 .text C:\windows\System32\spoolsv.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077841640 8 bytes JMP 000000016fff0490 .text C:\windows\System32\spoolsv.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841680 8 bytes JMP 000000016fff0420 .text C:\windows\System32\spoolsv.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077841720 8 bytes JMP 000000016fff04c8 .text C:\windows\System32\spoolsv.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778417b0 8 bytes JMP 000000016fff03e8 .text C:\windows\System32\spoolsv.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778417f0 8 bytes JMP 000000016fff0228 .text C:\windows\System32\spoolsv.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077841840 8 bytes JMP 000000016fff0260 .text C:\windows\System32\spoolsv.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077841860 8 bytes JMP 000000016fff0458 .text C:\windows\System32\spoolsv.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077841a50 8 bytes JMP 000000016fff05a8 .text C:\windows\System32\spoolsv.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b60 1 byte JMP 000000016fff01f0 .text C:\windows\System32\spoolsv.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 0000000077841b62 6 bytes {JMP 0xfffffffff87ae690} .text C:\windows\System32\spoolsv.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077841c30 8 bytes JMP 000000016fff0340 .text C:\windows\System32\spoolsv.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077841d80 8 bytes JMP 000000016fff0500 .text C:\windows\System32\spoolsv.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d90 8 bytes JMP 000000016fff0570 .text C:\windows\System32\spoolsv.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077842100 8 bytes JMP 000000016fff0378 .text C:\windows\System32\spoolsv.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077842190 8 bytes JMP 000000016fff0538 .text C:\windows\System32\spoolsv.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077842a00 8 bytes JMP 000000016fff03b0 .text C:\windows\System32\spoolsv.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a80 8 bytes JMP 000000016fff0298 .text C:\windows\System32\spoolsv.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842b00 8 bytes JMP 000000016fff02d0 .text C:\windows\System32\spoolsv.exe[1656] C:\windows\system32\kernel32.dll!CreateProcessAsUserW 000000007732a420 12 bytes JMP 000000016fff01b8 .text C:\windows\System32\spoolsv.exe[1656] C:\windows\system32\kernel32.dll!CreateProcessW 0000000077341b50 12 bytes JMP 000000016fff0148 .text C:\windows\System32\spoolsv.exe[1656] C:\windows\system32\kernel32.dll!CreateProcessA 00000000773b8810 7 bytes JMP 000000016fff0180 .text C:\windows\system32\svchost.exe[1708] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077813ae0 5 bytes JMP 000000016fff0110 .text C:\windows\system32\svchost.exe[1708] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077817a90 5 bytes JMP 000000016fff05e0 .text C:\windows\system32\svchost.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077841400 8 bytes JMP 000000016fff00d8 .text C:\windows\system32\svchost.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778415d0 8 bytes JMP 000000016fff0308 .text C:\windows\system32\svchost.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077841640 8 bytes JMP 000000016fff0490 .text C:\windows\system32\svchost.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841680 8 bytes JMP 000000016fff0420 .text C:\windows\system32\svchost.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077841720 8 bytes JMP 000000016fff04c8 .text C:\windows\system32\svchost.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778417b0 8 bytes JMP 000000016fff03e8 .text C:\windows\system32\svchost.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778417f0 8 bytes JMP 000000016fff0228 .text C:\windows\system32\svchost.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077841840 8 bytes JMP 000000016fff0260 .text C:\windows\system32\svchost.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077841860 8 bytes JMP 000000016fff0458 .text C:\windows\system32\svchost.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077841a50 8 bytes JMP 000000016fff05a8 .text C:\windows\system32\svchost.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b60 1 byte JMP 000000016fff01f0 .text C:\windows\system32\svchost.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 0000000077841b62 6 bytes {JMP 0xfffffffff87ae690} .text C:\windows\system32\svchost.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077841c30 8 bytes JMP 000000016fff0340 .text C:\windows\system32\svchost.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077841d80 8 bytes JMP 000000016fff0500 .text C:\windows\system32\svchost.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d90 8 bytes JMP 000000016fff0570 .text C:\windows\system32\svchost.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077842100 8 bytes JMP 000000016fff0378 .text C:\windows\system32\svchost.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077842190 8 bytes JMP 000000016fff0538 .text C:\windows\system32\svchost.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077842a00 8 bytes JMP 000000016fff03b0 .text C:\windows\system32\svchost.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a80 8 bytes JMP 000000016fff0298 .text C:\windows\system32\svchost.exe[1708] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842b00 8 bytes JMP 000000016fff02d0 .text C:\windows\system32\svchost.exe[1708] C:\windows\system32\kernel32.dll!CreateProcessAsUserW 000000007732a420 12 bytes JMP 000000016fff01b8 .text C:\windows\system32\svchost.exe[1708] C:\windows\system32\kernel32.dll!CreateProcessW 0000000077341b50 12 bytes JMP 000000016fff0148 .text C:\windows\system32\svchost.exe[1708] C:\windows\system32\kernel32.dll!CreateProcessA 00000000773b8810 7 bytes JMP 000000016fff0180 .text C:\windows\system32\svchost.exe[1708] C:\windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefe0e6bd0 5 bytes JMP 000007fffdc201b8 .text C:\windows\system32\svchost.exe[1708] C:\windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007feff7ca1a0 7 bytes JMP 000007fffdc20180 .text C:\windows\system32\svchost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077813ae0 5 bytes JMP 000000016fff0110 .text C:\windows\system32\svchost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077817a90 5 bytes JMP 000000016fff05e0 .text C:\windows\system32\svchost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077841400 8 bytes JMP 000000016fff00d8 .text C:\windows\system32\svchost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778415d0 8 bytes JMP 000000016fff0308 .text C:\windows\system32\svchost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077841640 8 bytes JMP 000000016fff0490 .text C:\windows\system32\svchost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841680 8 bytes JMP 000000016fff0420 .text C:\windows\system32\svchost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077841720 8 bytes JMP 000000016fff04c8 .text C:\windows\system32\svchost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778417b0 8 bytes JMP 000000016fff03e8 .text C:\windows\system32\svchost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778417f0 8 bytes JMP 000000016fff0228 .text C:\windows\system32\svchost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077841840 8 bytes JMP 000000016fff0260 .text C:\windows\system32\svchost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077841860 8 bytes JMP 000000016fff0458 .text C:\windows\system32\svchost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077841a50 8 bytes JMP 000000016fff05a8 .text C:\windows\system32\svchost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b60 1 byte JMP 000000016fff01f0 .text C:\windows\system32\svchost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 0000000077841b62 6 bytes {JMP 0xfffffffff87ae690} .text C:\windows\system32\svchost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077841c30 8 bytes JMP 000000016fff0340 .text C:\windows\system32\svchost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077841d80 8 bytes JMP 000000016fff0500 .text C:\windows\system32\svchost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d90 8 bytes JMP 000000016fff0570 .text C:\windows\system32\svchost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077842100 8 bytes JMP 000000016fff0378 .text C:\windows\system32\svchost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077842190 8 bytes JMP 000000016fff0538 .text C:\windows\system32\svchost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077842a00 8 bytes JMP 000000016fff03b0 .text C:\windows\system32\svchost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a80 8 bytes JMP 000000016fff0298 .text C:\windows\system32\svchost.exe[2096] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842b00 8 bytes JMP 000000016fff02d0 .text C:\windows\system32\svchost.exe[2096] C:\windows\system32\kernel32.dll!CreateProcessAsUserW 000000007732a420 12 bytes JMP 000000016fff01b8 .text C:\windows\system32\svchost.exe[2096] C:\windows\system32\kernel32.dll!CreateProcessW 0000000077341b50 12 bytes JMP 000000016fff0148 .text C:\windows\system32\svchost.exe[2096] C:\windows\system32\kernel32.dll!CreateProcessA 00000000773b8810 7 bytes JMP 000000016fff0180 .text C:\windows\system32\svchost.exe[2096] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdfc5290 7 bytes JMP 000007fffdc20148 .text C:\windows\system32\svchost.exe[2096] C:\windows\system32\GDI32.dll!DeleteDC 000007fefe7522cc 5 bytes JMP 000007fffdc20260 .text C:\windows\system32\svchost.exe[2096] C:\windows\system32\GDI32.dll!CreateDCW 000007fefe758398 9 bytes JMP 000007fffdc201f0 .text C:\windows\system32\svchost.exe[2096] C:\windows\system32\GDI32.dll!CreateDCA 000007fefe7589c8 9 bytes JMP 000007fffdc201b8 .text C:\windows\system32\svchost.exe[2096] C:\windows\system32\GDI32.dll!GetPixel 000007fefe759344 5 bytes JMP 000007fffdc20228 .text c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe[2148] C:\windows\SysWOW64\ntdll.dll!NtClose 00000000779ef9c0 5 bytes JMP 000000011001d080 .text c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe[2148] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779efc90 5 bytes JMP 000000011002fac0 .text c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe[2148] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779efd44 5 bytes JMP 000000011002dfa0 .text c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe[2148] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779efda8 5 bytes JMP 000000011002ec30 .text c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe[2148] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779efea0 5 bytes JMP 000000011002c270 .text c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe[2148] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779eff84 5 bytes JMP 000000011002e640 .text c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe[2148] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779effe4 5 bytes JMP 000000011002ff20 .text c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe[2148] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779f0064 5 bytes JMP 000000011002fce0 .text c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe[2148] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779f0094 5 bytes JMP 000000011002e2a0 .text c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe[2148] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779f0398 5 bytes JMP 000000011002cc90 .text c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe[2148] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779f0530 5 bytes JMP 000000011002b520 .text c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe[2148] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779f0674 5 bytes JMP 000000011002f750 .text c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe[2148] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779f086c 5 bytes JMP 000000011002be90 .text c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe[2148] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779f0884 5 bytes JMP 000000011002c8f0 .text c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe[2148] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779f0dd4 5 bytes JMP 000000011002f540 .text c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe[2148] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779f0eb8 5 bytes JMP 000000011002f0c0 .text c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe[2148] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779f1bc4 5 bytes JMP 000000011002f300 .text c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe[2148] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779f1c94 5 bytes JMP 000000011002c520 .text c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe[2148] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779f1d6c 5 bytes JMP 000000011002eec0 .text c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe[2148] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077a0c45a 5 bytes JMP 0000000110027df0 .text c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe[2148] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a11217 7 bytes JMP 000000011001d1a0 .text c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe[2148] C:\windows\syswow64\kernel32.dll!CreateProcessW 0000000076cf103d 5 bytes JMP 0000000110024f30 .text c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe[2148] C:\windows\syswow64\kernel32.dll!CreateProcessA 0000000076cf1072 5 bytes JMP 0000000110025ac0 .text c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe[2148] C:\windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076d1c9b5 5 bytes JMP 0000000110023a60 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2192] C:\windows\SysWOW64\ntdll.dll!NtClose 00000000779ef9c0 5 bytes JMP 000000011001d080 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2192] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779efc90 5 bytes JMP 000000011002fac0 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2192] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779efd44 5 bytes JMP 000000011002dfa0 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2192] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779efda8 5 bytes JMP 000000011002ec30 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2192] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779efea0 5 bytes JMP 000000011002c270 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2192] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779eff84 5 bytes JMP 000000011002e640 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2192] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779effe4 5 bytes JMP 000000011002ff20 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2192] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779f0064 5 bytes JMP 000000011002fce0 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2192] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779f0094 5 bytes JMP 000000011002e2a0 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2192] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779f0398 5 bytes JMP 000000011002cc90 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2192] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779f0530 5 bytes JMP 000000011002b520 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2192] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779f0674 5 bytes JMP 000000011002f750 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2192] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779f086c 5 bytes JMP 000000011002be90 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2192] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779f0884 5 bytes JMP 000000011002c8f0 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2192] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779f0dd4 5 bytes JMP 000000011002f540 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2192] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779f0eb8 5 bytes JMP 000000011002f0c0 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2192] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779f1bc4 5 bytes JMP 000000011002f300 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2192] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779f1c94 5 bytes JMP 000000011002c520 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2192] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779f1d6c 5 bytes JMP 000000011002eec0 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2192] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077a0c45a 5 bytes JMP 0000000110027df0 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2192] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a11217 7 bytes JMP 000000011001d1a0 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2192] C:\windows\syswow64\kernel32.dll!CreateProcessW 0000000076cf103d 5 bytes JMP 0000000110024f30 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2192] C:\windows\syswow64\kernel32.dll!CreateProcessA 0000000076cf1072 5 bytes JMP 0000000110025ac0 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2192] C:\windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076d1c9b5 5 bytes JMP 0000000110023a60 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2244] C:\windows\SysWOW64\ntdll.dll!NtClose 00000000779ef9c0 5 bytes JMP 000000011001d080 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2244] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779efc90 5 bytes JMP 000000011002fac0 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2244] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779efd44 5 bytes JMP 000000011002dfa0 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2244] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779efda8 5 bytes JMP 000000011002ec30 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2244] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779efea0 5 bytes JMP 000000011002c270 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2244] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779eff84 5 bytes JMP 000000011002e640 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2244] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779effe4 5 bytes JMP 000000011002ff20 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2244] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779f0064 5 bytes JMP 000000011002fce0 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2244] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779f0094 5 bytes JMP 000000011002e2a0 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2244] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779f0398 5 bytes JMP 000000011002cc90 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2244] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779f0530 5 bytes JMP 000000011002b520 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2244] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779f0674 5 bytes JMP 000000011002f750 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2244] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779f086c 5 bytes JMP 000000011002be90 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2244] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779f0884 5 bytes JMP 000000011002c8f0 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2244] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779f0dd4 5 bytes JMP 000000011002f540 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2244] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779f0eb8 5 bytes JMP 000000011002f0c0 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2244] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779f1bc4 5 bytes JMP 000000011002f300 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2244] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779f1c94 5 bytes JMP 000000011002c520 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2244] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779f1d6c 5 bytes JMP 000000011002eec0 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2244] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077a0c45a 5 bytes JMP 0000000110027df0 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2244] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a11217 7 bytes JMP 000000011001d1a0 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2244] C:\windows\syswow64\kernel32.dll!CreateProcessW 0000000076cf103d 5 bytes JMP 0000000110024f30 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2244] C:\windows\syswow64\kernel32.dll!CreateProcessA 0000000076cf1072 5 bytes JMP 0000000110025ac0 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2244] C:\windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076d1c9b5 5 bytes JMP 0000000110023a60 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2276] C:\windows\SysWOW64\ntdll.dll!NtClose 00000000779ef9c0 5 bytes JMP 000000011001d080 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2276] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779efc90 5 bytes JMP 000000011002fac0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2276] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779efd44 5 bytes JMP 000000011002dfa0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2276] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779efda8 5 bytes JMP 000000011002ec30 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2276] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779efea0 5 bytes JMP 000000011002c270 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2276] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779eff84 5 bytes JMP 000000011002e640 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2276] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779effe4 5 bytes JMP 000000011002ff20 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2276] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779f0064 5 bytes JMP 000000011002fce0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2276] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779f0094 5 bytes JMP 000000011002e2a0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2276] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779f0398 5 bytes JMP 000000011002cc90 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2276] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779f0530 5 bytes JMP 000000011002b520 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2276] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779f0674 5 bytes JMP 000000011002f750 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2276] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779f086c 5 bytes JMP 000000011002be90 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2276] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779f0884 5 bytes JMP 000000011002c8f0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2276] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779f0dd4 5 bytes JMP 000000011002f540 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2276] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779f0eb8 5 bytes JMP 000000011002f0c0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2276] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779f1bc4 5 bytes JMP 000000011002f300 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2276] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779f1c94 5 bytes JMP 000000011002c520 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2276] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779f1d6c 5 bytes JMP 000000011002eec0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2276] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077a0c45a 5 bytes JMP 0000000110027df0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2276] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a11217 7 bytes JMP 000000011001d1a0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2276] C:\windows\syswow64\kernel32.dll!CreateProcessW 0000000076cf103d 5 bytes JMP 0000000110024f30 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2276] C:\windows\syswow64\kernel32.dll!CreateProcessA 0000000076cf1072 5 bytes JMP 0000000110025ac0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2276] C:\windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076d1c9b5 5 bytes JMP 0000000110023a60 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2276] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000769bf776 5 bytes JMP 000000011001d1d0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe[2324] C:\windows\SysWOW64\ntdll.dll!NtClose 00000000779ef9c0 5 bytes JMP 000000011001d080 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe[2324] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779efc90 5 bytes JMP 000000011002fac0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe[2324] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779efd44 5 bytes JMP 000000011002dfa0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe[2324] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779efda8 5 bytes JMP 000000011002ec30 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe[2324] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779efea0 5 bytes JMP 000000011002c270 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe[2324] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779eff84 5 bytes JMP 000000011002e640 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe[2324] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779effe4 5 bytes JMP 000000011002ff20 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe[2324] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779f0064 5 bytes JMP 000000011002fce0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe[2324] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779f0094 5 bytes JMP 000000011002e2a0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe[2324] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779f0398 5 bytes JMP 000000011002cc90 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe[2324] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779f0530 5 bytes JMP 000000011002b520 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe[2324] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779f0674 5 bytes JMP 000000011002f750 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe[2324] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779f086c 5 bytes JMP 000000011002be90 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe[2324] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779f0884 5 bytes JMP 000000011002c8f0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe[2324] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779f0dd4 5 bytes JMP 000000011002f540 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe[2324] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779f0eb8 5 bytes JMP 000000011002f0c0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe[2324] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779f1bc4 5 bytes JMP 000000011002f300 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe[2324] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779f1c94 5 bytes JMP 000000011002c520 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe[2324] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779f1d6c 5 bytes JMP 000000011002eec0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe[2324] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077a0c45a 5 bytes JMP 0000000110027df0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe[2324] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a11217 7 bytes JMP 000000011001d1a0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe[2324] C:\windows\syswow64\kernel32.dll!CreateProcessW 0000000076cf103d 5 bytes JMP 0000000110024f30 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe[2324] C:\windows\syswow64\kernel32.dll!CreateProcessA 0000000076cf1072 5 bytes JMP 0000000110025ac0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe[2324] C:\windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076d1c9b5 5 bytes JMP 0000000110023a60 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe[2324] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000769bf776 5 bytes JMP 000000011001d1d0 .text C:\windows\system\uArcCapture.exe[2396] C:\windows\SysWOW64\ntdll.dll!NtClose 00000000779ef9c0 5 bytes JMP 000000010031d080 .text C:\windows\system\uArcCapture.exe[2396] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779efc90 5 bytes JMP 000000010032fac0 .text C:\windows\system\uArcCapture.exe[2396] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779efd44 5 bytes JMP 000000010032dfa0 .text C:\windows\system\uArcCapture.exe[2396] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779efda8 5 bytes JMP 000000010032ec30 .text C:\windows\system\uArcCapture.exe[2396] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779efea0 5 bytes JMP 000000010032c270 .text C:\windows\system\uArcCapture.exe[2396] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779eff84 5 bytes JMP 000000010032e640 .text C:\windows\system\uArcCapture.exe[2396] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779effe4 5 bytes JMP 000000010032ff20 .text C:\windows\system\uArcCapture.exe[2396] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779f0064 5 bytes JMP 000000010032fce0 .text C:\windows\system\uArcCapture.exe[2396] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779f0094 5 bytes JMP 000000010032e2a0 .text C:\windows\system\uArcCapture.exe[2396] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779f0398 5 bytes JMP 000000010032cc90 .text C:\windows\system\uArcCapture.exe[2396] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779f0530 5 bytes JMP 000000010032b520 .text C:\windows\system\uArcCapture.exe[2396] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779f0674 5 bytes JMP 000000010032f750 .text C:\windows\system\uArcCapture.exe[2396] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779f086c 5 bytes JMP 000000010032be90 .text C:\windows\system\uArcCapture.exe[2396] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779f0884 5 bytes JMP 000000010032c8f0 .text C:\windows\system\uArcCapture.exe[2396] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779f0dd4 5 bytes JMP 000000010032f540 .text C:\windows\system\uArcCapture.exe[2396] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779f0eb8 5 bytes JMP 000000010032f0c0 .text C:\windows\system\uArcCapture.exe[2396] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779f1bc4 5 bytes JMP 000000010032f300 .text C:\windows\system\uArcCapture.exe[2396] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779f1c94 5 bytes JMP 000000010032c520 .text C:\windows\system\uArcCapture.exe[2396] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779f1d6c 5 bytes JMP 000000010032eec0 .text C:\windows\system\uArcCapture.exe[2396] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077a0c45a 5 bytes JMP 0000000100327df0 .text C:\windows\system\uArcCapture.exe[2396] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a11217 7 bytes JMP 000000010031d1a0 .text C:\windows\system\uArcCapture.exe[2396] C:\windows\syswow64\kernel32.dll!CreateProcessW 0000000076cf103d 5 bytes JMP 0000000100324f30 .text C:\windows\system\uArcCapture.exe[2396] C:\windows\syswow64\kernel32.dll!CreateProcessA 0000000076cf1072 5 bytes JMP 0000000100325ac0 .text C:\windows\system\uArcCapture.exe[2396] C:\windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076d1c9b5 5 bytes JMP 0000000100323a60 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextCreate + 4 0000000072e91825 2 bytes JMP 000000010379a89c .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroy + 4 0000000072e91830 2 bytes JMP 000000010379a8a7 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroyAll + 4 0000000072e9183b 2 bytes JMP 000000010379a8b2 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dDrawPrimitives2 + 4 0000000072e91846 2 bytes JMP 000000010379a8bd .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dValidateTextureStageState + 4 0000000072e91851 2 bytes JMP 000000010379a8c8 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAddAttachedSurface + 4 0000000072e9185c 2 bytes JMP 000000010379a8d3 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAlphaBlt + 4 0000000072e91867 2 bytes JMP 000000010379a8de .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAttachSurface + 4 0000000072e91872 2 bytes JMP 000000010379a8e9 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBeginMoCompFrame + 4 0000000072e9187d 2 bytes JMP 000000010379a8f4 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBlt + 4 0000000072e91888 2 bytes JMP 000000010379a8ff .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateD3DBuffer + 4 0000000072e91893 2 bytes JMP 000000010379a90a .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateSurface + 4 0000000072e9189e 2 bytes JMP 000000010379a915 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdColorControl + 4 0000000072e918a9 2 bytes JMP 000000010379a920 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateD3DBuffer + 4 0000000072e918b4 2 bytes JMP 000000010379a92b .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateDirectDrawObject + 4 0000000072e918bf 2 bytes JMP 000000010379a936 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateMoComp + 4 0000000072e918ca 2 bytes JMP 000000010379a941 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurface + 4 0000000072e918d5 2 bytes JMP 000000010379a94c .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceEx + 4 0000000072e918e0 2 bytes JMP 000000010379a957 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceObject + 4 0000000072e918eb 2 bytes JMP 000000010379a962 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteDirectDrawObject + 4 0000000072e918f6 2 bytes JMP 000000010379a96d .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteSurfaceObject + 4 0000000072e91901 2 bytes JMP 000000010379a978 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyD3DBuffer + 4 0000000072e9190c 2 bytes JMP 000000010379a983 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyMoComp + 4 0000000072e91917 2 bytes JMP 000000010379a98e .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroySurface + 4 0000000072e91922 2 bytes JMP 000000010379a999 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdEndMoCompFrame + 4 0000000072e9192d 2 bytes JMP 000000010379a9a4 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlip + 4 0000000072e91938 2 bytes JMP 000000010379a9af .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlipToGDISurface + 4 0000000072e91943 2 bytes JMP 000000010379a9ba .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetAvailDriverMemory + 4 0000000072e9194e 2 bytes JMP 000000010379a9c5 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetBltStatus + 4 0000000072e91959 2 bytes JMP 000000010379a9d0 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDC + 4 0000000072e91964 2 bytes JMP 000000010379a9db .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverInfo + 4 0000000072e9196f 2 bytes JMP 000000010379a9e6 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverState + 4 0000000072e9197a 2 bytes JMP 000000010379a9f1 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDxHandle + 4 0000000072e91985 2 bytes JMP 000000010379a9fc .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetFlipStatus + 4 0000000072e91990 2 bytes JMP 000000010379aa07 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetInternalMoCompInfo + 4 0000000072e9199b 2 bytes JMP 000000010379aa12 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompBuffInfo + 4 0000000072e919a6 2 bytes JMP 000000010379aa1d .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompFormats + 4 0000000072e919b1 2 bytes JMP 000000010379aa28 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompGuids + 4 0000000072e919bc 2 bytes JMP 000000010379aa33 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetScanLine + 4 0000000072e919c7 2 bytes JMP 000000010379aa3e .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLock + 4 0000000072e919d2 2 bytes JMP 000000010379aa49 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLockD3D + 4 0000000072e919dd 2 bytes JMP 000000010379aa54 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryDirectDrawObject + 4 0000000072e919e8 2 bytes JMP 000000010379aa5f .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryMoCompStatus + 4 0000000072e919f3 2 bytes JMP 000000010379aa6a .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReenableDirectDrawObject + 4 0000000072e919fe 2 bytes JMP 000000010379aa75 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReleaseDC + 4 0000000072e91a09 2 bytes JMP 000000010379aa80 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdRenderMoComp + 4 0000000072e91a14 2 bytes JMP 000000010379aa8b .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdResetVisrgn + 4 0000000072e91a1f 2 bytes JMP 000000010379aa96 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetColorKey + 4 0000000072e91a2a 2 bytes JMP 000000010379aaa1 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetExclusiveMode + 4 0000000072e91a35 2 bytes JMP 000000010379aaac .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetGammaRamp + 4 0000000072e91a40 2 bytes JMP 000000010379aab7 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetOverlayPosition + 4 0000000072e91a4b 2 bytes JMP 000000010379aac2 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnattachSurface + 4 0000000072e91a56 2 bytes JMP 000000010379aacd .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlock + 4 0000000072e91a61 2 bytes JMP 000000010379aad8 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlockD3D + 4 0000000072e91a6c 2 bytes JMP 000000010379aae3 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUpdateOverlay + 4 0000000072e91a77 2 bytes JMP 000000010379aaee .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 4 0000000072e91a82 2 bytes JMP 000000010379aaf9 .text C:\windows\system\uArcCapture.exe[2396] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 52 0000000072e91ab2 2 bytes JMP 000000010379ab29 .text E:\programy\emped\eMPendiumService.exe[2472] C:\windows\SysWOW64\ntdll.dll!NtClose 00000000779ef9c0 5 bytes JMP 000000011001d080 .text E:\programy\emped\eMPendiumService.exe[2472] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779efc90 5 bytes JMP 000000011002fac0 .text E:\programy\emped\eMPendiumService.exe[2472] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779efd44 5 bytes JMP 000000011002dfa0 .text E:\programy\emped\eMPendiumService.exe[2472] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779efda8 5 bytes JMP 000000011002ec30 .text E:\programy\emped\eMPendiumService.exe[2472] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779efea0 5 bytes JMP 000000011002c270 .text E:\programy\emped\eMPendiumService.exe[2472] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779eff84 5 bytes JMP 000000011002e640 .text E:\programy\emped\eMPendiumService.exe[2472] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779effe4 5 bytes JMP 000000011002ff20 .text E:\programy\emped\eMPendiumService.exe[2472] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779f0064 5 bytes JMP 000000011002fce0 .text E:\programy\emped\eMPendiumService.exe[2472] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779f0094 5 bytes JMP 000000011002e2a0 .text E:\programy\emped\eMPendiumService.exe[2472] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779f0398 5 bytes JMP 000000011002cc90 .text E:\programy\emped\eMPendiumService.exe[2472] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779f0530 5 bytes JMP 000000011002b520 .text E:\programy\emped\eMPendiumService.exe[2472] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779f0674 5 bytes JMP 000000011002f750 .text E:\programy\emped\eMPendiumService.exe[2472] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779f086c 5 bytes JMP 000000011002be90 .text E:\programy\emped\eMPendiumService.exe[2472] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779f0884 5 bytes JMP 000000011002c8f0 .text E:\programy\emped\eMPendiumService.exe[2472] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779f0dd4 5 bytes JMP 000000011002f540 .text E:\programy\emped\eMPendiumService.exe[2472] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779f0eb8 5 bytes JMP 000000011002f0c0 .text E:\programy\emped\eMPendiumService.exe[2472] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779f1bc4 5 bytes JMP 000000011002f300 .text E:\programy\emped\eMPendiumService.exe[2472] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779f1c94 5 bytes JMP 000000011002c520 .text E:\programy\emped\eMPendiumService.exe[2472] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779f1d6c 5 bytes JMP 000000011002eec0 .text E:\programy\emped\eMPendiumService.exe[2472] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077a0c45a 5 bytes JMP 0000000110027df0 .text E:\programy\emped\eMPendiumService.exe[2472] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a11217 7 bytes JMP 000000011001d1a0 .text E:\programy\emped\eMPendiumService.exe[2472] C:\windows\syswow64\kernel32.dll!CreateProcessW 0000000076cf103d 5 bytes JMP 0000000110024f30 .text E:\programy\emped\eMPendiumService.exe[2472] C:\windows\syswow64\kernel32.dll!CreateProcessA 0000000076cf1072 5 bytes JMP 0000000110025ac0 .text E:\programy\emped\eMPendiumService.exe[2472] C:\windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076d1c9b5 5 bytes JMP 0000000110023a60 .text C:\windows\system32\wbem\wmiprvse.exe[2868] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdfc5290 7 bytes JMP 000007fffdc20148 .text C:\windows\System32\svchost.exe[3608] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077813ae0 5 bytes JMP 000000016fff0110 .text C:\windows\System32\svchost.exe[3608] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077817a90 5 bytes JMP 000000016fff05e0 .text C:\windows\System32\svchost.exe[3608] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077841400 8 bytes JMP 000000016fff00d8 .text C:\windows\System32\svchost.exe[3608] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778415d0 8 bytes JMP 000000016fff0308 .text C:\windows\System32\svchost.exe[3608] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077841640 8 bytes JMP 000000016fff0490 .text C:\windows\System32\svchost.exe[3608] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841680 8 bytes JMP 000000016fff0420 .text C:\windows\System32\svchost.exe[3608] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077841720 8 bytes JMP 000000016fff04c8 .text C:\windows\System32\svchost.exe[3608] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778417b0 8 bytes JMP 000000016fff03e8 .text C:\windows\System32\svchost.exe[3608] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778417f0 8 bytes JMP 000000016fff0228 .text C:\windows\System32\svchost.exe[3608] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077841840 8 bytes JMP 000000016fff0260 .text C:\windows\System32\svchost.exe[3608] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077841860 8 bytes JMP 000000016fff0458 .text C:\windows\System32\svchost.exe[3608] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077841a50 8 bytes JMP 000000016fff05a8 .text C:\windows\System32\svchost.exe[3608] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b60 1 byte JMP 000000016fff01f0 .text C:\windows\System32\svchost.exe[3608] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 0000000077841b62 6 bytes {JMP 0xfffffffff87ae690} .text C:\windows\System32\svchost.exe[3608] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077841c30 8 bytes JMP 000000016fff0340 .text C:\windows\System32\svchost.exe[3608] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077841d80 8 bytes JMP 000000016fff0500 .text C:\windows\System32\svchost.exe[3608] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d90 8 bytes JMP 000000016fff0570 .text C:\windows\System32\svchost.exe[3608] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077842100 8 bytes JMP 000000016fff0378 .text C:\windows\System32\svchost.exe[3608] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077842190 8 bytes JMP 000000016fff0538 .text C:\windows\System32\svchost.exe[3608] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077842a00 8 bytes JMP 000000016fff03b0 .text C:\windows\System32\svchost.exe[3608] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a80 8 bytes JMP 000000016fff0298 .text C:\windows\System32\svchost.exe[3608] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842b00 8 bytes JMP 000000016fff02d0 .text C:\windows\System32\svchost.exe[3608] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdfc5290 7 bytes JMP 000007fffdc20148 .text C:\windows\System32\svchost.exe[3608] C:\windows\system32\GDI32.dll!DeleteDC 000007fefe7522cc 5 bytes JMP 000007fffdc20260 .text C:\windows\System32\svchost.exe[3608] C:\windows\system32\GDI32.dll!CreateDCW 000007fefe758398 9 bytes JMP 000007fffdc201f0 .text C:\windows\System32\svchost.exe[3608] C:\windows\system32\GDI32.dll!CreateDCA 000007fefe7589c8 9 bytes JMP 000007fffdc201b8 .text C:\windows\System32\svchost.exe[3608] C:\windows\system32\GDI32.dll!GetPixel 000007fefe759344 5 bytes JMP 000007fffdc20228 .text C:\windows\System32\svchost.exe[3608] C:\windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007feff7ca1a0 7 bytes JMP 000007fffdc20180 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3664] C:\windows\SysWOW64\ntdll.dll!NtClose 00000000779ef9c0 5 bytes JMP 000000011001d080 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3664] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779efc90 5 bytes JMP 000000011002fac0 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3664] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779efd44 5 bytes JMP 000000011002dfa0 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3664] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779efda8 5 bytes JMP 000000011002ec30 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3664] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779efea0 5 bytes JMP 000000011002c270 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3664] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779eff84 5 bytes JMP 000000011002e640 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3664] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779effe4 5 bytes JMP 000000011002ff20 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3664] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779f0064 5 bytes JMP 000000011002fce0 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3664] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779f0094 5 bytes JMP 000000011002e2a0 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3664] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779f0398 5 bytes JMP 000000011002cc90 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3664] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779f0530 5 bytes JMP 000000011002b520 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3664] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779f0674 5 bytes JMP 000000011002f750 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3664] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779f086c 5 bytes JMP 000000011002be90 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3664] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779f0884 5 bytes JMP 000000011002c8f0 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3664] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779f0dd4 5 bytes JMP 000000011002f540 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3664] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779f0eb8 5 bytes JMP 000000011002f0c0 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3664] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779f1bc4 5 bytes JMP 000000011002f300 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3664] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779f1c94 5 bytes JMP 000000011002c520 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3664] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779f1d6c 5 bytes JMP 000000011002eec0 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3664] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077a0c45a 5 bytes JMP 0000000110027df0 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3664] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a11217 7 bytes JMP 000000011001d1a0 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3664] C:\windows\syswow64\kernel32.dll!CreateProcessW 0000000076cf103d 5 bytes JMP 0000000110024f30 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3664] C:\windows\syswow64\kernel32.dll!CreateProcessA 0000000076cf1072 5 bytes JMP 0000000110025ac0 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3664] C:\windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076d1c9b5 5 bytes JMP 0000000110023a60 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3664] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000769bf776 5 bytes JMP 000000011001d1d0 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3664] C:\windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076492538 5 bytes JMP 0000000110024390 .text C:\windows\system32\SearchIndexer.exe[3864] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077813ae0 5 bytes JMP 000000016fff0110 .text C:\windows\system32\SearchIndexer.exe[3864] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077817a90 5 bytes JMP 000000016fff05e0 .text C:\windows\system32\SearchIndexer.exe[3864] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077841400 8 bytes JMP 000000016fff00d8 .text C:\windows\system32\SearchIndexer.exe[3864] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778415d0 8 bytes JMP 000000016fff0308 .text C:\windows\system32\SearchIndexer.exe[3864] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077841640 8 bytes JMP 000000016fff0490 .text C:\windows\system32\SearchIndexer.exe[3864] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841680 8 bytes JMP 000000016fff0420 .text C:\windows\system32\SearchIndexer.exe[3864] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077841720 8 bytes JMP 000000016fff04c8 .text C:\windows\system32\SearchIndexer.exe[3864] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778417b0 8 bytes JMP 000000016fff03e8 .text C:\windows\system32\SearchIndexer.exe[3864] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778417f0 8 bytes JMP 000000016fff0228 .text C:\windows\system32\SearchIndexer.exe[3864] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077841840 8 bytes JMP 000000016fff0260 .text C:\windows\system32\SearchIndexer.exe[3864] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077841860 8 bytes JMP 000000016fff0458 .text C:\windows\system32\SearchIndexer.exe[3864] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077841a50 8 bytes JMP 000000016fff05a8 .text C:\windows\system32\SearchIndexer.exe[3864] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b60 1 byte JMP 000000016fff01f0 .text C:\windows\system32\SearchIndexer.exe[3864] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 0000000077841b62 6 bytes {JMP 0xfffffffff87ae690} .text C:\windows\system32\SearchIndexer.exe[3864] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077841c30 8 bytes JMP 000000016fff0340 .text C:\windows\system32\SearchIndexer.exe[3864] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077841d80 8 bytes JMP 000000016fff0500 .text C:\windows\system32\SearchIndexer.exe[3864] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d90 8 bytes JMP 000000016fff0570 .text C:\windows\system32\SearchIndexer.exe[3864] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077842100 8 bytes JMP 000000016fff0378 .text C:\windows\system32\SearchIndexer.exe[3864] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077842190 8 bytes JMP 000000016fff0538 .text C:\windows\system32\SearchIndexer.exe[3864] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077842a00 8 bytes JMP 000000016fff03b0 .text C:\windows\system32\SearchIndexer.exe[3864] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a80 8 bytes JMP 000000016fff0298 .text C:\windows\system32\SearchIndexer.exe[3864] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842b00 8 bytes JMP 000000016fff02d0 .text C:\windows\system32\SearchIndexer.exe[3864] C:\windows\system32\kernel32.dll!CreateProcessAsUserW 000000007732a420 12 bytes JMP 000000016fff01b8 .text C:\windows\system32\SearchIndexer.exe[3864] C:\windows\system32\kernel32.dll!CreateProcessW 0000000077341b50 12 bytes JMP 000000016fff0148 .text C:\windows\system32\SearchIndexer.exe[3864] C:\windows\system32\kernel32.dll!CreateProcessA 00000000773b8810 7 bytes JMP 000000016fff0180 .text C:\windows\system32\SearchIndexer.exe[3864] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdfc5290 7 bytes JMP 000007fffdc20148 .text C:\windows\system32\SearchIndexer.exe[3864] C:\windows\system32\GDI32.dll!DeleteDC 000007fefe7522cc 5 bytes JMP 000007fffdc20260 .text C:\windows\system32\SearchIndexer.exe[3864] C:\windows\system32\GDI32.dll!CreateDCW 000007fefe758398 9 bytes JMP 000007fffdc201f0 .text C:\windows\system32\SearchIndexer.exe[3864] C:\windows\system32\GDI32.dll!CreateDCA 000007fefe7589c8 9 bytes JMP 000007fffdc201b8 .text C:\windows\system32\SearchIndexer.exe[3864] C:\windows\system32\GDI32.dll!GetPixel 000007fefe759344 5 bytes JMP 000007fffdc20228 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1984] C:\windows\system32\kernel32.dll!CreateProcessAsUserW 000000007732a420 12 bytes JMP 000000016fff01b8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1984] C:\windows\system32\kernel32.dll!CreateProcessW 0000000077341b50 12 bytes JMP 000000016fff0148 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1984] C:\windows\system32\kernel32.dll!CreateProcessA 00000000773b8810 7 bytes JMP 000000016fff0180 .text C:\windows\System32\svchost.exe[4056] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077813ae0 5 bytes JMP 000000016fff0110 .text C:\windows\System32\svchost.exe[4056] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077817a90 5 bytes JMP 000000016fff05e0 .text C:\windows\System32\svchost.exe[4056] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077841400 8 bytes JMP 000000016fff00d8 .text C:\windows\System32\svchost.exe[4056] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778415d0 8 bytes JMP 000000016fff0308 .text C:\windows\System32\svchost.exe[4056] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077841640 8 bytes JMP 000000016fff0490 .text C:\windows\System32\svchost.exe[4056] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841680 8 bytes JMP 000000016fff0420 .text C:\windows\System32\svchost.exe[4056] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077841720 8 bytes JMP 000000016fff04c8 .text C:\windows\System32\svchost.exe[4056] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778417b0 8 bytes JMP 000000016fff03e8 .text C:\windows\System32\svchost.exe[4056] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778417f0 8 bytes JMP 000000016fff0228 .text C:\windows\System32\svchost.exe[4056] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077841840 8 bytes JMP 000000016fff0260 .text C:\windows\System32\svchost.exe[4056] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077841860 8 bytes JMP 000000016fff0458 .text C:\windows\System32\svchost.exe[4056] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077841a50 8 bytes JMP 000000016fff05a8 .text C:\windows\System32\svchost.exe[4056] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b60 1 byte JMP 000000016fff01f0 .text C:\windows\System32\svchost.exe[4056] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 0000000077841b62 6 bytes {JMP 0xfffffffff87ae690} .text C:\windows\System32\svchost.exe[4056] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077841c30 8 bytes JMP 000000016fff0340 .text C:\windows\System32\svchost.exe[4056] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077841d80 8 bytes JMP 000000016fff0500 .text C:\windows\System32\svchost.exe[4056] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d90 8 bytes JMP 000000016fff0570 .text C:\windows\System32\svchost.exe[4056] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077842100 8 bytes JMP 000000016fff0378 .text C:\windows\System32\svchost.exe[4056] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077842190 8 bytes JMP 000000016fff0538 .text C:\windows\System32\svchost.exe[4056] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077842a00 8 bytes JMP 000000016fff03b0 .text C:\windows\System32\svchost.exe[4056] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a80 8 bytes JMP 000000016fff0298 .text C:\windows\System32\svchost.exe[4056] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842b00 8 bytes JMP 000000016fff02d0 .text C:\windows\System32\svchost.exe[4056] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdfc5290 7 bytes JMP 000007fffdc20148 .text C:\windows\System32\svchost.exe[4056] C:\windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007feff7ca1a0 7 bytes JMP 000007fffdc20180 .text C:\windows\system32\csrss.exe[2296] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778413c0 8 bytes JMP 000000016fff00d8 .text C:\windows\system32\csrss.exe[2296] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778415c0 8 bytes JMP 000000016fff0110 .text C:\windows\system32\csrss.exe[2296] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b60 8 bytes JMP 000000016fff0148 .text C:\windows\system32\atieclxx.exe[5108] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077813ae0 5 bytes JMP 000000016fff0110 .text C:\windows\system32\atieclxx.exe[5108] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077817a90 5 bytes JMP 000000016fff05e0 .text C:\windows\system32\atieclxx.exe[5108] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077841400 8 bytes JMP 000000016fff00d8 .text C:\windows\system32\atieclxx.exe[5108] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778415d0 8 bytes JMP 000000016fff0308 .text C:\windows\system32\atieclxx.exe[5108] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077841640 8 bytes JMP 000000016fff0490 .text C:\windows\system32\atieclxx.exe[5108] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841680 8 bytes JMP 000000016fff0420 .text C:\windows\system32\atieclxx.exe[5108] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077841720 8 bytes JMP 000000016fff04c8 .text C:\windows\system32\atieclxx.exe[5108] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778417b0 8 bytes JMP 000000016fff03e8 .text C:\windows\system32\atieclxx.exe[5108] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778417f0 8 bytes JMP 000000016fff0228 .text C:\windows\system32\atieclxx.exe[5108] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077841840 8 bytes JMP 000000016fff0260 .text C:\windows\system32\atieclxx.exe[5108] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077841860 8 bytes JMP 000000016fff0458 .text C:\windows\system32\atieclxx.exe[5108] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077841a50 8 bytes JMP 000000016fff05a8 .text C:\windows\system32\atieclxx.exe[5108] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b60 1 byte JMP 000000016fff01f0 .text C:\windows\system32\atieclxx.exe[5108] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 0000000077841b62 6 bytes {JMP 0xfffffffff87ae690} .text C:\windows\system32\atieclxx.exe[5108] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077841c30 8 bytes JMP 000000016fff0340 .text C:\windows\system32\atieclxx.exe[5108] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077841d80 8 bytes JMP 000000016fff0500 .text C:\windows\system32\atieclxx.exe[5108] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d90 8 bytes JMP 000000016fff0570 .text C:\windows\system32\atieclxx.exe[5108] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077842100 8 bytes JMP 000000016fff0378 .text C:\windows\system32\atieclxx.exe[5108] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077842190 8 bytes JMP 000000016fff0538 .text C:\windows\system32\atieclxx.exe[5108] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077842a00 8 bytes JMP 000000016fff03b0 .text C:\windows\system32\atieclxx.exe[5108] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a80 8 bytes JMP 000000016fff0298 .text C:\windows\system32\atieclxx.exe[5108] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842b00 8 bytes JMP 000000016fff02d0 .text C:\windows\system32\atieclxx.exe[5108] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdfc5290 7 bytes JMP 000007fffdc20148 .text C:\windows\system32\atieclxx.exe[5108] C:\windows\system32\GDI32.dll!DeleteDC 000007fefe7522cc 5 bytes JMP 000007fffdc20260 .text C:\windows\system32\atieclxx.exe[5108] C:\windows\system32\GDI32.dll!CreateDCW 000007fefe758398 9 bytes JMP 000007fffdc201f0 .text C:\windows\system32\atieclxx.exe[5108] C:\windows\system32\GDI32.dll!CreateDCA 000007fefe7589c8 9 bytes JMP 000007fffdc201b8 .text C:\windows\system32\atieclxx.exe[5108] C:\windows\system32\GDI32.dll!GetPixel 000007fefe759344 5 bytes JMP 000007fffdc20228 .text C:\windows\system32\taskhost.exe[824] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077813ae0 5 bytes JMP 000000016fff0110 .text C:\windows\system32\taskhost.exe[824] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077817a90 5 bytes JMP 000000016fff05e0 .text C:\windows\system32\taskhost.exe[824] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077841400 8 bytes JMP 000000016fff00d8 .text C:\windows\system32\taskhost.exe[824] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778415d0 8 bytes JMP 000000016fff0308 .text C:\windows\system32\taskhost.exe[824] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077841640 8 bytes JMP 000000016fff0490 .text C:\windows\system32\taskhost.exe[824] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841680 8 bytes JMP 000000016fff0420 .text C:\windows\system32\taskhost.exe[824] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077841720 8 bytes JMP 000000016fff04c8 .text C:\windows\system32\taskhost.exe[824] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778417b0 8 bytes JMP 000000016fff03e8 .text C:\windows\system32\taskhost.exe[824] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778417f0 8 bytes JMP 000000016fff0228 .text C:\windows\system32\taskhost.exe[824] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077841840 8 bytes JMP 000000016fff0260 .text C:\windows\system32\taskhost.exe[824] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077841860 8 bytes JMP 000000016fff0458 .text C:\windows\system32\taskhost.exe[824] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077841a50 8 bytes JMP 000000016fff05a8 .text C:\windows\system32\taskhost.exe[824] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b60 1 byte JMP 000000016fff01f0 .text C:\windows\system32\taskhost.exe[824] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 0000000077841b62 6 bytes {JMP 0xfffffffff87ae690} .text C:\windows\system32\taskhost.exe[824] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077841c30 8 bytes JMP 000000016fff0340 .text C:\windows\system32\taskhost.exe[824] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077841d80 8 bytes JMP 000000016fff0500 .text C:\windows\system32\taskhost.exe[824] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d90 8 bytes JMP 000000016fff0570 .text C:\windows\system32\taskhost.exe[824] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077842100 8 bytes JMP 000000016fff0378 .text C:\windows\system32\taskhost.exe[824] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077842190 8 bytes JMP 000000016fff0538 .text C:\windows\system32\taskhost.exe[824] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077842a00 8 bytes JMP 000000016fff03b0 .text C:\windows\system32\taskhost.exe[824] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a80 8 bytes JMP 000000016fff0298 .text C:\windows\system32\taskhost.exe[824] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842b00 8 bytes JMP 000000016fff02d0 .text C:\windows\system32\taskhost.exe[824] C:\windows\system32\kernel32.dll!CreateProcessAsUserW 000000007732a420 12 bytes JMP 000000016fff01b8 .text C:\windows\system32\taskhost.exe[824] C:\windows\system32\kernel32.dll!CreateProcessW 0000000077341b50 12 bytes JMP 000000016fff0148 .text C:\windows\system32\taskhost.exe[824] C:\windows\system32\kernel32.dll!CreateProcessA 00000000773b8810 7 bytes JMP 000000016fff0180 .text C:\windows\system32\taskhost.exe[824] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdfc5290 7 bytes JMP 000007fffdc20148 .text C:\windows\system32\taskhost.exe[824] C:\windows\system32\GDI32.dll!DeleteDC 000007fefe7522cc 5 bytes JMP 000007fffdc20260 .text C:\windows\system32\taskhost.exe[824] C:\windows\system32\GDI32.dll!CreateDCW 000007fefe758398 9 bytes JMP 000007fffdc201f0 .text C:\windows\system32\taskhost.exe[824] C:\windows\system32\GDI32.dll!CreateDCA 000007fefe7589c8 9 bytes JMP 000007fffdc201b8 .text C:\windows\system32\taskhost.exe[824] C:\windows\system32\GDI32.dll!GetPixel 000007fefe759344 5 bytes JMP 000007fffdc20228 .text C:\windows\system32\Dwm.exe[3032] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdfc5290 7 bytes JMP 000007fffdc20148 .text C:\windows\system32\Dwm.exe[3032] C:\windows\system32\GDI32.dll!DeleteDC 000007fefe7522cc 5 bytes JMP 000007fffdc20260 .text C:\windows\system32\Dwm.exe[3032] C:\windows\system32\GDI32.dll!CreateDCW 000007fefe758398 9 bytes JMP 000007fffdc201f0 .text C:\windows\system32\Dwm.exe[3032] C:\windows\system32\GDI32.dll!CreateDCA 000007fefe7589c8 9 bytes JMP 000007fffdc201b8 .text C:\windows\system32\Dwm.exe[3032] C:\windows\system32\GDI32.dll!GetPixel 000007fefe759344 5 bytes JMP 000007fffdc20228 .text C:\windows\Explorer.EXE[1804] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077813ae0 5 bytes JMP 000000016fff0110 .text C:\windows\Explorer.EXE[1804] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077817a90 5 bytes JMP 000000016fff05e0 .text C:\windows\Explorer.EXE[1804] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077841400 8 bytes JMP 000000016fff00d8 .text C:\windows\Explorer.EXE[1804] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778415d0 8 bytes JMP 000000016fff0308 .text C:\windows\Explorer.EXE[1804] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077841640 8 bytes JMP 000000016fff0490 .text C:\windows\Explorer.EXE[1804] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841680 8 bytes JMP 000000016fff0420 .text C:\windows\Explorer.EXE[1804] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077841720 8 bytes JMP 000000016fff04c8 .text C:\windows\Explorer.EXE[1804] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778417b0 8 bytes JMP 000000016fff03e8 .text C:\windows\Explorer.EXE[1804] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778417f0 8 bytes JMP 000000016fff0228 .text C:\windows\Explorer.EXE[1804] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077841840 8 bytes JMP 000000016fff0260 .text C:\windows\Explorer.EXE[1804] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077841860 8 bytes JMP 000000016fff0458 .text C:\windows\Explorer.EXE[1804] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077841a50 8 bytes JMP 000000016fff05a8 .text C:\windows\Explorer.EXE[1804] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b60 1 byte JMP 000000016fff01f0 .text C:\windows\Explorer.EXE[1804] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 0000000077841b62 6 bytes {JMP 0xfffffffff87ae690} .text C:\windows\Explorer.EXE[1804] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077841c30 8 bytes JMP 000000016fff0340 .text C:\windows\Explorer.EXE[1804] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077841d80 8 bytes JMP 000000016fff0500 .text C:\windows\Explorer.EXE[1804] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d90 8 bytes JMP 000000016fff0570 .text C:\windows\Explorer.EXE[1804] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077842100 8 bytes JMP 000000016fff0378 .text C:\windows\Explorer.EXE[1804] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077842190 8 bytes JMP 000000016fff0538 .text C:\windows\Explorer.EXE[1804] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077842a00 8 bytes JMP 000000016fff03b0 .text C:\windows\Explorer.EXE[1804] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a80 8 bytes JMP 000000016fff0298 .text C:\windows\Explorer.EXE[1804] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842b00 8 bytes JMP 000000016fff02d0 .text C:\windows\Explorer.EXE[1804] C:\windows\system32\kernel32.dll!CreateProcessAsUserW 000000007732a420 12 bytes JMP 000000016fff01b8 .text C:\windows\Explorer.EXE[1804] C:\windows\system32\kernel32.dll!CreateProcessW 0000000077341b50 12 bytes JMP 000000016fff0148 .text C:\windows\Explorer.EXE[1804] C:\windows\system32\kernel32.dll!CreateProcessA 00000000773b8810 7 bytes JMP 000000016fff0180 .text C:\windows\Explorer.EXE[1804] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdfc5290 7 bytes JMP 000007fffdc20148 .text C:\windows\Explorer.EXE[1804] C:\windows\system32\GDI32.dll!DeleteDC 000007fefe7522cc 5 bytes JMP 000007fffdc20260 .text C:\windows\Explorer.EXE[1804] C:\windows\system32\GDI32.dll!CreateDCW 000007fefe758398 9 bytes JMP 000007fffdc201f0 .text C:\windows\Explorer.EXE[1804] C:\windows\system32\GDI32.dll!CreateDCA 000007fefe7589c8 9 bytes JMP 000007fffdc201b8 .text C:\windows\Explorer.EXE[1804] C:\windows\system32\GDI32.dll!GetPixel 000007fefe759344 5 bytes JMP 000007fffdc20228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077813ae0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077817a90 5 bytes JMP 000000016fff05e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077841400 8 bytes JMP 000000016fff00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778415d0 8 bytes JMP 000000016fff0308 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077841640 8 bytes JMP 000000016fff0490 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841680 8 bytes JMP 000000016fff0420 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077841720 8 bytes JMP 000000016fff04c8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778417b0 8 bytes JMP 000000016fff03e8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778417f0 8 bytes JMP 000000016fff0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077841840 8 bytes JMP 000000016fff0260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077841860 8 bytes JMP 000000016fff0458 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077841a50 8 bytes JMP 000000016fff05a8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b60 1 byte JMP 000000016fff01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 0000000077841b62 6 bytes {JMP 0xfffffffff87ae690} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077841c30 8 bytes JMP 000000016fff0340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077841d80 8 bytes JMP 000000016fff0500 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d90 8 bytes JMP 000000016fff0570 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077842100 8 bytes JMP 000000016fff0378 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077842190 8 bytes JMP 000000016fff0538 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077842a00 8 bytes JMP 000000016fff03b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a80 8 bytes JMP 000000016fff0298 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842b00 8 bytes JMP 000000016fff02d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\system32\kernel32.dll!CreateProcessAsUserW 000000007732a420 12 bytes JMP 000000016fff01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\system32\kernel32.dll!CreateProcessW 0000000077341b50 12 bytes JMP 000000016fff0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\system32\kernel32.dll!CreateProcessA 00000000773b8810 7 bytes JMP 000000016fff0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdfc5290 7 bytes JMP 000007fffdc20148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\system32\GDI32.dll!DeleteDC 000007fefe7522cc 5 bytes JMP 000007fffdc20260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\system32\GDI32.dll!CreateDCW 000007fefe758398 9 bytes JMP 000007fffdc201f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\system32\GDI32.dll!CreateDCA 000007fefe7589c8 9 bytes JMP 000007fffdc201b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\system32\GDI32.dll!GetPixel 000007fefe759344 5 bytes JMP 000007fffdc20228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4968] C:\windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007feff7ca1a0 7 bytes JMP 000007fffdc20180 .text C:\Windows\System32\rundll32.exe[4268] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077813ae0 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\rundll32.exe[4268] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077817a90 5 bytes JMP 000000016fff05e0 .text C:\Windows\System32\rundll32.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077841400 8 bytes JMP 000000016fff00d8 .text C:\Windows\System32\rundll32.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778415d0 8 bytes JMP 000000016fff0308 .text C:\Windows\System32\rundll32.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077841640 8 bytes JMP 000000016fff0490 .text C:\Windows\System32\rundll32.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841680 8 bytes JMP 000000016fff0420 .text C:\Windows\System32\rundll32.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077841720 8 bytes JMP 000000016fff04c8 .text C:\Windows\System32\rundll32.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778417b0 8 bytes JMP 000000016fff03e8 .text C:\Windows\System32\rundll32.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778417f0 8 bytes JMP 000000016fff0228 .text C:\Windows\System32\rundll32.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077841840 8 bytes JMP 000000016fff0260 .text C:\Windows\System32\rundll32.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077841860 8 bytes JMP 000000016fff0458 .text C:\Windows\System32\rundll32.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077841a50 8 bytes JMP 000000016fff05a8 .text C:\Windows\System32\rundll32.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b60 1 byte JMP 000000016fff01f0 .text C:\Windows\System32\rundll32.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 0000000077841b62 6 bytes {JMP 0xfffffffff87ae690} .text C:\Windows\System32\rundll32.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077841c30 8 bytes JMP 000000016fff0340 .text C:\Windows\System32\rundll32.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077841d80 8 bytes JMP 000000016fff0500 .text C:\Windows\System32\rundll32.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d90 8 bytes JMP 000000016fff0570 .text C:\Windows\System32\rundll32.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077842100 8 bytes JMP 000000016fff0378 .text C:\Windows\System32\rundll32.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077842190 8 bytes JMP 000000016fff0538 .text C:\Windows\System32\rundll32.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077842a00 8 bytes JMP 000000016fff03b0 .text C:\Windows\System32\rundll32.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a80 8 bytes JMP 000000016fff0298 .text C:\Windows\System32\rundll32.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842b00 8 bytes JMP 000000016fff02d0 .text C:\Windows\System32\rundll32.exe[4268] C:\windows\system32\kernel32.dll!CreateProcessAsUserW 000000007732a420 12 bytes JMP 000000016fff01b8 .text C:\Windows\System32\rundll32.exe[4268] C:\windows\system32\kernel32.dll!CreateProcessW 0000000077341b50 12 bytes JMP 000000016fff0148 .text C:\Windows\System32\rundll32.exe[4268] C:\windows\system32\kernel32.dll!CreateProcessA 00000000773b8810 7 bytes JMP 000000016fff0180 .text C:\Windows\System32\rundll32.exe[4268] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdfc5290 7 bytes JMP 000007fffdc20148 .text C:\Windows\System32\rundll32.exe[4268] C:\windows\system32\GDI32.dll!DeleteDC 000007fefe7522cc 5 bytes JMP 000007fffdc20260 .text C:\Windows\System32\rundll32.exe[4268] C:\windows\system32\GDI32.dll!CreateDCW 000007fefe758398 9 bytes JMP 000007fffdc201f0 .text C:\Windows\System32\rundll32.exe[4268] C:\windows\system32\GDI32.dll!CreateDCA 000007fefe7589c8 9 bytes JMP 000007fffdc201b8 .text C:\Windows\System32\rundll32.exe[4268] C:\windows\system32\GDI32.dll!GetPixel 000007fefe759344 5 bytes JMP 000007fffdc20228 .text C:\Program Files\IDT\WDM\sttray64.exe[4788] C:\windows\system32\kernel32.dll!CreateProcessAsUserW 000000007732a420 12 bytes JMP 000000016fff01b8 .text C:\Program Files\IDT\WDM\sttray64.exe[4788] C:\windows\system32\kernel32.dll!CreateProcessW 0000000077341b50 12 bytes JMP 000000016fff0148 .text C:\Program Files\IDT\WDM\sttray64.exe[4788] C:\windows\system32\kernel32.dll!CreateProcessA 00000000773b8810 7 bytes JMP 000000016fff0180 .text C:\Program Files\IDT\WDM\sttray64.exe[4788] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdfc5290 7 bytes JMP 000007fffdc20148 .text C:\Program Files\IDT\WDM\sttray64.exe[4788] C:\windows\system32\GDI32.dll!DeleteDC 000007fefe7522cc 5 bytes JMP 000007fffdc20260 .text C:\Program Files\IDT\WDM\sttray64.exe[4788] C:\windows\system32\GDI32.dll!CreateDCW 000007fefe758398 9 bytes JMP 000007fffdc201f0 .text C:\Program Files\IDT\WDM\sttray64.exe[4788] C:\windows\system32\GDI32.dll!CreateDCA 000007fefe7589c8 9 bytes JMP 000007fffdc201b8 .text C:\Program Files\IDT\WDM\sttray64.exe[4788] C:\windows\system32\GDI32.dll!GetPixel 000007fefe759344 5 bytes JMP 000007fffdc20228 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077813ae0 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077817a90 5 bytes JMP 000000016fff05e0 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077841400 8 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778415d0 8 bytes JMP 000000016fff0308 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077841640 8 bytes JMP 000000016fff0490 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841680 8 bytes JMP 000000016fff0420 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077841720 8 bytes JMP 000000016fff04c8 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778417b0 8 bytes JMP 000000016fff03e8 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778417f0 8 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077841840 8 bytes JMP 000000016fff0260 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077841860 8 bytes JMP 000000016fff0458 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077841a50 8 bytes JMP 000000016fff05a8 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b60 1 byte JMP 000000016fff01f0 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 0000000077841b62 6 bytes {JMP 0xfffffffff87ae690} .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077841c30 8 bytes JMP 000000016fff0340 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077841d80 8 bytes JMP 000000016fff0500 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d90 8 bytes JMP 000000016fff0570 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077842100 8 bytes JMP 000000016fff0378 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077842190 8 bytes JMP 000000016fff0538 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077842a00 8 bytes JMP 000000016fff03b0 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a80 8 bytes JMP 000000016fff0298 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842b00 8 bytes JMP 000000016fff02d0 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\system32\KERNEL32.dll!CreateProcessAsUserW 000000007732a420 12 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\system32\KERNEL32.dll!CreateProcessW 0000000077341b50 12 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\system32\KERNEL32.dll!CreateProcessA 00000000773b8810 7 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdfc5290 7 bytes JMP 000007fffdc20148 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\system32\GDI32.dll!DeleteDC 000007fefe7522cc 5 bytes JMP 000007fffdc20260 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\system32\GDI32.dll!CreateDCW 000007fefe758398 9 bytes JMP 000007fffdc201f0 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\system32\GDI32.dll!CreateDCA 000007fefe7589c8 9 bytes JMP 000007fffdc201b8 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\system32\GDI32.dll!GetPixel 000007fefe759344 5 bytes JMP 000007fffdc20228 .text C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe[4052] C:\windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007feff7ca1a0 7 bytes JMP 000007fffdc20180 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtClose 00000000779ef9c0 5 bytes JMP 000000011001d080 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779efc90 5 bytes JMP 000000011002fac0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779efd44 5 bytes JMP 000000011002dfa0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779efda8 5 bytes JMP 000000011002ec30 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779efea0 5 bytes JMP 000000011002c270 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779eff84 5 bytes JMP 000000011002e640 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779effe4 5 bytes JMP 000000011002ff20 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779f0064 5 bytes JMP 000000011002fce0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779f0094 5 bytes JMP 000000011002e2a0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779f0398 5 bytes JMP 000000011002cc90 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779f0530 5 bytes JMP 000000011002b520 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779f0674 5 bytes JMP 000000011002f750 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779f086c 5 bytes JMP 000000011002be90 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779f0884 5 bytes JMP 000000011002c8f0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779f0dd4 5 bytes JMP 000000011002f540 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779f0eb8 5 bytes JMP 000000011002f0c0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779f1bc4 5 bytes JMP 000000011002f300 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779f1c94 5 bytes JMP 000000011002c520 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779f1d6c 5 bytes JMP 000000011002eec0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4008] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077a0c45a 5 bytes JMP 0000000110027df0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4008] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a11217 7 bytes JMP 000000011001d1a0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4008] C:\windows\syswow64\KERNEL32.dll!CreateProcessW 0000000076cf103d 5 bytes JMP 0000000110024f30 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4008] C:\windows\syswow64\KERNEL32.dll!CreateProcessA 0000000076cf1072 5 bytes JMP 0000000110025ac0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4008] C:\windows\syswow64\KERNEL32.dll!CreateProcessAsUserW 0000000076d1c9b5 5 bytes JMP 0000000110023a60 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4008] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000769bf776 5 bytes JMP 000000011001d1d0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4008] C:\windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076492538 5 bytes JMP 0000000110024390 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4008] C:\windows\syswow64\GDI32.dll!DeleteDC 00000000770658b3 5 bytes JMP 0000000110028bc0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4008] C:\windows\syswow64\GDI32.dll!CreateDCA 0000000077067bcc 5 bytes JMP 0000000110029cc0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4008] C:\windows\syswow64\GDI32.dll!GetPixel 000000007706cbfb 5 bytes JMP 0000000110028990 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4008] C:\windows\syswow64\GDI32.dll!CreateDCW 000000007706e743 5 bytes JMP 0000000110029bc0 .text C:\Windows\twain_32\Samsung\SCX4x28\Scan2Pc.exe[4204] C:\windows\SysWOW64\ntdll.dll!NtClose 00000000779ef9c0 5 bytes JMP 000000010035d080 .text C:\Windows\twain_32\Samsung\SCX4x28\Scan2Pc.exe[4204] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779efc90 5 bytes JMP 000000010036fac0 .text C:\Windows\twain_32\Samsung\SCX4x28\Scan2Pc.exe[4204] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779efd44 5 bytes JMP 000000010036dfa0 .text C:\Windows\twain_32\Samsung\SCX4x28\Scan2Pc.exe[4204] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779efda8 5 bytes JMP 000000010036ec30 .text C:\Windows\twain_32\Samsung\SCX4x28\Scan2Pc.exe[4204] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779efea0 5 bytes JMP 000000010036c270 .text C:\Windows\twain_32\Samsung\SCX4x28\Scan2Pc.exe[4204] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779eff84 5 bytes JMP 000000010036e640 .text C:\Windows\twain_32\Samsung\SCX4x28\Scan2Pc.exe[4204] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779effe4 5 bytes JMP 000000010036ff20 .text C:\Windows\twain_32\Samsung\SCX4x28\Scan2Pc.exe[4204] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779f0064 5 bytes JMP 000000010036fce0 .text C:\Windows\twain_32\Samsung\SCX4x28\Scan2Pc.exe[4204] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779f0094 5 bytes JMP 000000010036e2a0 .text C:\Windows\twain_32\Samsung\SCX4x28\Scan2Pc.exe[4204] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779f0398 5 bytes JMP 000000010036cc90 .text C:\Windows\twain_32\Samsung\SCX4x28\Scan2Pc.exe[4204] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779f0530 5 bytes JMP 000000010036b520 .text C:\Windows\twain_32\Samsung\SCX4x28\Scan2Pc.exe[4204] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779f0674 5 bytes JMP 000000010036f750 .text C:\Windows\twain_32\Samsung\SCX4x28\Scan2Pc.exe[4204] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779f086c 5 bytes JMP 000000010036be90 .text C:\Windows\twain_32\Samsung\SCX4x28\Scan2Pc.exe[4204] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779f0884 5 bytes JMP 000000010036c8f0 .text C:\Windows\twain_32\Samsung\SCX4x28\Scan2Pc.exe[4204] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779f0dd4 5 bytes JMP 000000010036f540 .text C:\Windows\twain_32\Samsung\SCX4x28\Scan2Pc.exe[4204] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779f0eb8 5 bytes JMP 000000010036f0c0 .text C:\Windows\twain_32\Samsung\SCX4x28\Scan2Pc.exe[4204] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779f1bc4 5 bytes JMP 000000010036f300 .text C:\Windows\twain_32\Samsung\SCX4x28\Scan2Pc.exe[4204] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779f1c94 5 bytes JMP 000000010036c520 .text C:\Windows\twain_32\Samsung\SCX4x28\Scan2Pc.exe[4204] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779f1d6c 5 bytes JMP 000000010036eec0 .text C:\Windows\twain_32\Samsung\SCX4x28\Scan2Pc.exe[4204] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077a0c45a 5 bytes JMP 0000000100367df0 .text C:\Windows\twain_32\Samsung\SCX4x28\Scan2Pc.exe[4204] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a11217 7 bytes JMP 000000010035d1a0 .text C:\Windows\twain_32\Samsung\SCX4x28\Scan2Pc.exe[4204] C:\windows\syswow64\kernel32.dll!CreateProcessW 0000000076cf103d 5 bytes JMP 0000000100364f30 .text C:\Windows\twain_32\Samsung\SCX4x28\Scan2Pc.exe[4204] C:\windows\syswow64\kernel32.dll!CreateProcessA 0000000076cf1072 5 bytes JMP 0000000100365ac0 .text C:\Windows\twain_32\Samsung\SCX4x28\Scan2Pc.exe[4204] C:\windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076d1c9b5 5 bytes JMP 0000000100363a60 .text C:\Windows\twain_32\Samsung\SCX4x28\Scan2Pc.exe[4204] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000769bf776 5 bytes JMP 000000010035d1d0 .text C:\Windows\twain_32\Samsung\SCX4x28\Scan2Pc.exe[4204] C:\windows\syswow64\GDI32.dll!DeleteDC 00000000770658b3 5 bytes JMP 0000000100368bc0 .text C:\Windows\twain_32\Samsung\SCX4x28\Scan2Pc.exe[4204] C:\windows\syswow64\GDI32.dll!CreateDCA 0000000077067bcc 5 bytes JMP 0000000100369cc0 .text C:\Windows\twain_32\Samsung\SCX4x28\Scan2Pc.exe[4204] C:\windows\syswow64\GDI32.dll!GetPixel 000000007706cbfb 5 bytes JMP 0000000100368990 .text C:\Windows\twain_32\Samsung\SCX4x28\Scan2Pc.exe[4204] C:\windows\syswow64\GDI32.dll!CreateDCW 000000007706e743 5 bytes JMP 0000000100369bc0 .text C:\Windows\twain_32\Samsung\SCX4x28\Scan2Pc.exe[4204] C:\windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076492538 5 bytes JMP 0000000100364390 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4244] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdfc5290 7 bytes JMP 000007fffdc20148 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4244] C:\windows\system32\GDI32.dll!DeleteDC 000007fefe7522cc 5 bytes JMP 000007fffdc20260 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4244] C:\windows\system32\GDI32.dll!CreateDCW 000007fefe758398 9 bytes JMP 000007fffdc201f0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4244] C:\windows\system32\GDI32.dll!CreateDCA 000007fefe7589c8 9 bytes JMP 000007fffdc201b8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4244] C:\windows\system32\GDI32.dll!GetPixel 000007fefe759344 5 bytes JMP 000007fffdc20228 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4244] C:\windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007feff7ca1a0 7 bytes JMP 000007fffdc20180 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077813ae0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077817a90 5 bytes JMP 000000016fff05e0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077841400 8 bytes JMP 000000016fff00d8 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778415d0 8 bytes JMP 000000016fff0308 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077841640 8 bytes JMP 000000016fff0490 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841680 8 bytes JMP 000000016fff0420 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077841720 8 bytes JMP 000000016fff04c8 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778417b0 8 bytes JMP 000000016fff03e8 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778417f0 8 bytes JMP 000000016fff0228 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077841840 8 bytes JMP 000000016fff0260 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077841860 8 bytes JMP 000000016fff0458 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077841a50 8 bytes JMP 000000016fff05a8 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b60 1 byte JMP 000000016fff01f0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 0000000077841b62 6 bytes {JMP 0xfffffffff87ae690} .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077841c30 8 bytes JMP 000000016fff0340 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077841d80 8 bytes JMP 000000016fff0500 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d90 8 bytes JMP 000000016fff0570 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077842100 8 bytes JMP 000000016fff0378 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077842190 8 bytes JMP 000000016fff0538 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077842a00 8 bytes JMP 000000016fff03b0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a80 8 bytes JMP 000000016fff0298 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842b00 8 bytes JMP 000000016fff02d0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\system32\KERNEL32.dll!CreateProcessAsUserW 000000007732a420 12 bytes JMP 000000016fff01b8 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\system32\KERNEL32.dll!CreateProcessW 0000000077341b50 12 bytes JMP 000000016fff0148 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\system32\KERNEL32.dll!CreateProcessA 00000000773b8810 7 bytes JMP 000000016fff0180 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdfc5290 7 bytes JMP 000007fffdc20148 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\system32\GDI32.dll!DeleteDC 000007fefe7522cc 5 bytes JMP 000007fffdc20260 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\system32\GDI32.dll!CreateDCW 000007fefe758398 9 bytes JMP 000007fffdc201f0 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\system32\GDI32.dll!CreateDCA 000007fefe7589c8 9 bytes JMP 000007fffdc201b8 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\system32\GDI32.dll!GetPixel 000007fefe759344 5 bytes JMP 000007fffdc20228 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[2312] C:\windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007feff7ca1a0 7 bytes JMP 000007fffdc20180 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1920] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077813ae0 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1920] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077817a90 5 bytes JMP 000000016fff05e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1920] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077841400 8 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1920] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778415d0 8 bytes JMP 000000016fff0308 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1920] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077841640 8 bytes JMP 000000016fff0490 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1920] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841680 8 bytes JMP 000000016fff0420 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1920] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077841720 8 bytes JMP 000000016fff04c8 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1920] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778417b0 8 bytes JMP 000000016fff03e8 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1920] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778417f0 8 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1920] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077841840 8 bytes JMP 000000016fff0260 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1920] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077841860 8 bytes JMP 000000016fff0458 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1920] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077841a50 8 bytes JMP 000000016fff05a8 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1920] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b60 1 byte JMP 000000016fff01f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1920] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 0000000077841b62 6 bytes {JMP 0xfffffffff87ae690} .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1920] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077841c30 8 bytes JMP 000000016fff0340 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1920] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077841d80 8 bytes JMP 000000016fff0500 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1920] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d90 8 bytes JMP 000000016fff0570 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1920] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077842100 8 bytes JMP 000000016fff0378 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1920] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077842190 8 bytes JMP 000000016fff0538 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1920] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077842a00 8 bytes JMP 000000016fff03b0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1920] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a80 8 bytes JMP 000000016fff0298 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1920] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842b00 8 bytes JMP 000000016fff02d0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1920] C:\windows\system32\KERNEL32.dll!CreateProcessAsUserW 000000007732a420 12 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1920] C:\windows\system32\KERNEL32.dll!CreateProcessW 0000000077341b50 12 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1920] C:\windows\system32\KERNEL32.dll!CreateProcessA 00000000773b8810 7 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1920] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdfc5290 7 bytes JMP 000007fffdc20148 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1920] C:\windows\system32\GDI32.dll!DeleteDC 000007fefe7522cc 5 bytes JMP 000007fffdc20260 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1920] C:\windows\system32\GDI32.dll!CreateDCW 000007fefe758398 9 bytes JMP 000007fffdc201f0 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1920] C:\windows\system32\GDI32.dll!CreateDCA 000007fefe7589c8 9 bytes JMP 000007fffdc201b8 .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[1920] C:\windows\system32\GDI32.dll!GetPixel 000007fefe759344 5 bytes JMP 000007fffdc20228 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[652] C:\windows\SysWOW64\ntdll.dll!NtClose 00000000779ef9c0 5 bytes JMP 000000011001d080 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[652] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779efc90 5 bytes JMP 000000011002fac0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[652] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779efd44 5 bytes JMP 000000011002dfa0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[652] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779efda8 5 bytes JMP 000000011002ec30 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[652] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779efea0 5 bytes JMP 000000011002c270 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[652] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779eff84 5 bytes JMP 000000011002e640 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[652] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779effe4 5 bytes JMP 000000011002ff20 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[652] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779f0064 5 bytes JMP 000000011002fce0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[652] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779f0094 5 bytes JMP 000000011002e2a0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[652] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779f0398 5 bytes JMP 000000011002cc90 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[652] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779f0530 5 bytes JMP 000000011002b520 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[652] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779f0674 5 bytes JMP 000000011002f750 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[652] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779f086c 5 bytes JMP 000000011002be90 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[652] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779f0884 5 bytes JMP 000000011002c8f0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[652] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779f0dd4 5 bytes JMP 000000011002f540 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[652] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779f0eb8 5 bytes JMP 000000011002f0c0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[652] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779f1bc4 5 bytes JMP 000000011002f300 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[652] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779f1c94 5 bytes JMP 000000011002c520 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[652] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779f1d6c 5 bytes JMP 000000011002eec0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[652] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077a0c45a 5 bytes JMP 0000000110027df0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[652] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a11217 7 bytes JMP 000000011001d1a0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[652] C:\windows\syswow64\KERNEL32.dll!CreateProcessW 0000000076cf103d 5 bytes JMP 0000000110024f30 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[652] C:\windows\syswow64\KERNEL32.dll!CreateProcessA 0000000076cf1072 5 bytes JMP 0000000110025ac0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[652] C:\windows\syswow64\KERNEL32.dll!CreateProcessAsUserW 0000000076d1c9b5 5 bytes JMP 0000000110023a60 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[652] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000769bf776 5 bytes JMP 000000011001d1d0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[652] C:\windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076492538 5 bytes JMP 0000000110024390 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[652] C:\windows\syswow64\GDI32.dll!DeleteDC 00000000770658b3 5 bytes JMP 0000000110028bc0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[652] C:\windows\syswow64\GDI32.dll!CreateDCA 0000000077067bcc 5 bytes JMP 0000000110029cc0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[652] C:\windows\syswow64\GDI32.dll!GetPixel 000000007706cbfb 5 bytes JMP 0000000110028990 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[652] C:\windows\syswow64\GDI32.dll!CreateDCW 000000007706e743 5 bytes JMP 0000000110029bc0 .text C:\windows\system32\svchost.exe[4352] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077813ae0 5 bytes JMP 000000016fff0110 .text C:\windows\system32\svchost.exe[4352] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077817a90 5 bytes JMP 000000016fff05e0 .text C:\windows\system32\svchost.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077841400 8 bytes JMP 000000016fff00d8 .text C:\windows\system32\svchost.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778415d0 8 bytes JMP 000000016fff0308 .text C:\windows\system32\svchost.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077841640 8 bytes JMP 000000016fff0490 .text C:\windows\system32\svchost.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841680 8 bytes JMP 000000016fff0420 .text C:\windows\system32\svchost.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077841720 8 bytes JMP 000000016fff04c8 .text C:\windows\system32\svchost.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778417b0 8 bytes JMP 000000016fff03e8 .text C:\windows\system32\svchost.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778417f0 8 bytes JMP 000000016fff0228 .text C:\windows\system32\svchost.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077841840 8 bytes JMP 000000016fff0260 .text C:\windows\system32\svchost.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077841860 8 bytes JMP 000000016fff0458 .text C:\windows\system32\svchost.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077841a50 8 bytes JMP 000000016fff05a8 .text C:\windows\system32\svchost.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b60 1 byte JMP 000000016fff01f0 .text C:\windows\system32\svchost.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 0000000077841b62 6 bytes {JMP 0xfffffffff87ae690} .text C:\windows\system32\svchost.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077841c30 8 bytes JMP 000000016fff0340 .text C:\windows\system32\svchost.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077841d80 8 bytes JMP 000000016fff0500 .text C:\windows\system32\svchost.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d90 8 bytes JMP 000000016fff0570 .text C:\windows\system32\svchost.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077842100 8 bytes JMP 000000016fff0378 .text C:\windows\system32\svchost.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077842190 8 bytes JMP 000000016fff0538 .text C:\windows\system32\svchost.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077842a00 8 bytes JMP 000000016fff03b0 .text C:\windows\system32\svchost.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a80 8 bytes JMP 000000016fff0298 .text C:\windows\system32\svchost.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842b00 8 bytes JMP 000000016fff02d0 .text C:\windows\system32\svchost.exe[4352] C:\windows\system32\kernel32.dll!CreateProcessAsUserW 000000007732a420 12 bytes JMP 000000016fff01b8 .text C:\windows\system32\svchost.exe[4352] C:\windows\system32\kernel32.dll!CreateProcessW 0000000077341b50 12 bytes JMP 000000016fff0148 .text C:\windows\system32\svchost.exe[4352] C:\windows\system32\kernel32.dll!CreateProcessA 00000000773b8810 7 bytes JMP 000000016fff0180 .text C:\windows\system32\svchost.exe[4352] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdfc5290 7 bytes JMP 000007fffdc20148 .text C:\windows\system32\svchost.exe[4352] C:\windows\system32\GDI32.dll!DeleteDC 000007fefe7522cc 5 bytes JMP 000007fffdc20260 .text C:\windows\system32\svchost.exe[4352] C:\windows\system32\GDI32.dll!CreateDCW 000007fefe758398 9 bytes JMP 000007fffdc201f0 .text C:\windows\system32\svchost.exe[4352] C:\windows\system32\GDI32.dll!CreateDCA 000007fefe7589c8 9 bytes JMP 000007fffdc201b8 .text C:\windows\system32\svchost.exe[4352] C:\windows\system32\GDI32.dll!GetPixel 000007fefe759344 5 bytes JMP 000007fffdc20228 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3228] C:\windows\SysWOW64\ntdll.dll!NtClose 00000000779ef9c0 5 bytes JMP 00000001003bd080 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3228] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779efc90 5 bytes JMP 00000001003cfac0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3228] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779efd44 5 bytes JMP 00000001003cdfa0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3228] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779efda8 5 bytes JMP 00000001003cec30 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3228] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779efea0 5 bytes JMP 00000001003cc270 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3228] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779eff84 5 bytes JMP 00000001003ce640 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3228] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779effe4 5 bytes JMP 00000001003cff20 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3228] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779f0064 5 bytes JMP 00000001003cfce0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3228] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779f0094 5 bytes JMP 00000001003ce2a0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3228] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779f0398 5 bytes JMP 00000001003ccc90 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3228] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779f0530 5 bytes JMP 00000001003cb520 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3228] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779f0674 5 bytes JMP 00000001003cf750 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3228] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779f086c 5 bytes JMP 00000001003cbe90 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3228] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779f0884 5 bytes JMP 00000001003cc8f0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3228] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779f0dd4 5 bytes JMP 00000001003cf540 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3228] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779f0eb8 5 bytes JMP 00000001003cf0c0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3228] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779f1bc4 5 bytes JMP 00000001003cf300 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3228] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779f1c94 5 bytes JMP 00000001003cc520 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3228] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779f1d6c 5 bytes JMP 00000001003ceec0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3228] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077a0c45a 5 bytes JMP 00000001003c7df0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3228] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a11217 7 bytes JMP 00000001003bd1a0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3228] C:\windows\syswow64\kernel32.dll!CreateProcessW 0000000076cf103d 5 bytes JMP 00000001003c4f30 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3228] C:\windows\syswow64\kernel32.dll!CreateProcessA 0000000076cf1072 5 bytes JMP 00000001003c5ac0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3228] C:\windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076d1c9b5 5 bytes JMP 00000001003c3a60 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3228] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000769bf776 5 bytes JMP 00000001003bd1d0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3228] C:\windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076492538 5 bytes JMP 00000001003c4390 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3228] C:\windows\syswow64\GDI32.dll!DeleteDC 00000000770658b3 5 bytes JMP 00000001003c8bc0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3228] C:\windows\syswow64\GDI32.dll!CreateDCA 0000000077067bcc 5 bytes JMP 00000001003c9cc0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3228] C:\windows\syswow64\GDI32.dll!GetPixel 000000007706cbfb 5 bytes JMP 00000001003c8990 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3228] C:\windows\syswow64\GDI32.dll!CreateDCW 000000007706e743 5 bytes JMP 00000001003c9bc0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1856] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077813ae0 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1856] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077817a90 5 bytes JMP 000000016fff05e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077841400 8 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778415d0 8 bytes JMP 000000016fff0308 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077841640 8 bytes JMP 000000016fff0490 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841680 8 bytes JMP 000000016fff0420 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077841720 8 bytes JMP 000000016fff04c8 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778417b0 8 bytes JMP 000000016fff03e8 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778417f0 8 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077841840 8 bytes JMP 000000016fff0260 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077841860 8 bytes JMP 000000016fff0458 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077841a50 8 bytes JMP 000000016fff05a8 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b60 1 byte JMP 000000016fff01f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 0000000077841b62 6 bytes {JMP 0xfffffffff87ae690} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077841c30 8 bytes JMP 000000016fff0340 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077841d80 8 bytes JMP 000000016fff0500 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d90 8 bytes JMP 000000016fff0570 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077842100 8 bytes JMP 000000016fff0378 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077842190 8 bytes JMP 000000016fff0538 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077842a00 8 bytes JMP 000000016fff03b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a80 8 bytes JMP 000000016fff0298 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842b00 8 bytes JMP 000000016fff02d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1856] C:\windows\system32\GDI32.dll!DeleteDC 000007fefe7522cc 5 bytes JMP 000007fffdc20260 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1856] C:\windows\system32\GDI32.dll!CreateDCW 000007fefe758398 9 bytes JMP 000007fffdc201f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1856] C:\windows\system32\GDI32.dll!CreateDCA 000007fefe7589c8 9 bytes JMP 000007fffdc201b8 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1856] C:\windows\system32\GDI32.dll!GetPixel 000007fefe759344 5 bytes JMP 000007fffdc20228 .text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[2376] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdfc5290 7 bytes JMP 000007fffdc20148 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[2224] C:\windows\SysWOW64\ntdll.dll!NtClose 00000000779ef9c0 5 bytes JMP 000000011001d080 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[2224] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779efc90 5 bytes JMP 000000011002fac0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[2224] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779efd44 5 bytes JMP 000000011002dfa0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[2224] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779efda8 5 bytes JMP 000000011002ec30 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[2224] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779efea0 5 bytes JMP 000000011002c270 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[2224] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779eff84 5 bytes JMP 000000011002e640 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[2224] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779effe4 5 bytes JMP 000000011002ff20 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[2224] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779f0064 5 bytes JMP 000000011002fce0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[2224] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779f0094 5 bytes JMP 000000011002e2a0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[2224] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779f0398 5 bytes JMP 000000011002cc90 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[2224] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779f0530 5 bytes JMP 000000011002b520 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[2224] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779f0674 5 bytes JMP 000000011002f750 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[2224] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779f086c 5 bytes JMP 000000011002be90 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[2224] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779f0884 5 bytes JMP 000000011002c8f0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[2224] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779f0dd4 5 bytes JMP 000000011002f540 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[2224] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779f0eb8 5 bytes JMP 000000011002f0c0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[2224] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779f1bc4 5 bytes JMP 000000011002f300 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[2224] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779f1c94 5 bytes JMP 000000011002c520 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[2224] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779f1d6c 5 bytes JMP 000000011002eec0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[2224] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077a0c45a 5 bytes JMP 0000000110027df0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[2224] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a11217 7 bytes JMP 000000011001d1a0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[2224] C:\windows\syswow64\kernel32.dll!CreateProcessW 0000000076cf103d 5 bytes JMP 0000000110024f30 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[2224] C:\windows\syswow64\kernel32.dll!CreateProcessA 0000000076cf1072 5 bytes JMP 0000000110025ac0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[2224] C:\windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076d1c9b5 5 bytes JMP 0000000110023a60 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[2224] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000769bf776 5 bytes JMP 000000011001d1d0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[2224] C:\windows\syswow64\GDI32.dll!DeleteDC 00000000770658b3 5 bytes JMP 0000000110028bc0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[2224] C:\windows\syswow64\GDI32.dll!CreateDCA 0000000077067bcc 5 bytes JMP 0000000110029cc0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[2224] C:\windows\syswow64\GDI32.dll!GetPixel 000000007706cbfb 5 bytes JMP 0000000110028990 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[2224] C:\windows\syswow64\GDI32.dll!CreateDCW 000000007706e743 5 bytes JMP 0000000110029bc0 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[2224] C:\windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076492538 5 bytes JMP 0000000110024390 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4232] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077813ae0 5 bytes JMP 000000016fff0110 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4232] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077817a90 5 bytes JMP 000000016fff05e0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4232] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077841400 8 bytes JMP 000000016fff00d8 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4232] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778415d0 8 bytes JMP 000000016fff0308 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4232] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077841640 8 bytes JMP 000000016fff0490 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4232] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077841680 8 bytes JMP 000000016fff0420 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4232] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077841720 8 bytes JMP 000000016fff04c8 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4232] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778417b0 8 bytes JMP 000000016fff03e8 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4232] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778417f0 8 bytes JMP 000000016fff0228 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4232] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077841840 8 bytes JMP 000000016fff0260 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4232] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077841860 8 bytes JMP 000000016fff0458 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4232] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077841a50 8 bytes JMP 000000016fff05a8 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4232] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077841b60 1 byte JMP 000000016fff01f0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4232] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 0000000077841b62 6 bytes {JMP 0xfffffffff87ae690} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4232] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077841c30 8 bytes JMP 000000016fff0340 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4232] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077841d80 8 bytes JMP 000000016fff0500 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4232] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077841d90 8 bytes JMP 000000016fff0570 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4232] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077842100 8 bytes JMP 000000016fff0378 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4232] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077842190 8 bytes JMP 000000016fff0538 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4232] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077842a00 8 bytes JMP 000000016fff03b0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4232] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077842a80 8 bytes JMP 000000016fff0298 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4232] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077842b00 8 bytes JMP 000000016fff02d0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4232] C:\windows\system32\KERNEL32.dll!CreateProcessAsUserW 000000007732a420 12 bytes JMP 000000016fff01b8 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4232] C:\windows\system32\KERNEL32.dll!CreateProcessW 0000000077341b50 12 bytes JMP 000000016fff0148 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4232] C:\windows\system32\KERNEL32.dll!CreateProcessA 00000000773b8810 7 bytes JMP 000000016fff0180 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4232] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdfc5290 7 bytes JMP 000007fffdc20148 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4232] C:\windows\system32\GDI32.dll!DeleteDC 000007fefe7522cc 5 bytes JMP 000007fffdc20260 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4232] C:\windows\system32\GDI32.dll!CreateDCW 000007fefe758398 9 bytes JMP 000007fffdc201f0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4232] C:\windows\system32\GDI32.dll!CreateDCA 000007fefe7589c8 9 bytes JMP 000007fffdc201b8 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4232] C:\windows\system32\GDI32.dll!GetPixel 000007fefe759344 5 bytes JMP 000007fffdc20228 .text C:\windows\system32\svchost.exe[4020] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdfc5290 7 bytes JMP 000007fffdc20148 .text C:\windows\system32\svchost.exe[4020] C:\windows\system32\GDI32.dll!DeleteDC 000007fefe7522cc 5 bytes JMP 000007fffdc20260 .text C:\windows\system32\svchost.exe[4020] C:\windows\system32\GDI32.dll!CreateDCW 000007fefe758398 9 bytes JMP 000007fffdc201f0 .text C:\windows\system32\svchost.exe[4020] C:\windows\system32\GDI32.dll!CreateDCA 000007fefe7589c8 9 bytes JMP 000007fffdc201b8 .text C:\windows\system32\svchost.exe[4020] C:\windows\system32\GDI32.dll!GetPixel 000007fefe759344 5 bytes JMP 000007fffdc20228 .text C:\wincmd\TOTALCMD.EXE[2928] C:\windows\SysWOW64\ntdll.dll!NtClose 00000000779ef9c0 5 bytes JMP 000000011001d080 .text C:\wincmd\TOTALCMD.EXE[2928] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779efc90 5 bytes JMP 000000011002fac0 .text C:\wincmd\TOTALCMD.EXE[2928] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779efd44 5 bytes JMP 000000011002dfa0 .text C:\wincmd\TOTALCMD.EXE[2928] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779efda8 5 bytes JMP 000000011002ec30 .text C:\wincmd\TOTALCMD.EXE[2928] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779efea0 5 bytes JMP 000000011002c270 .text C:\wincmd\TOTALCMD.EXE[2928] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779eff84 5 bytes JMP 000000011002e640 .text C:\wincmd\TOTALCMD.EXE[2928] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779effe4 5 bytes JMP 000000011002ff20 .text C:\wincmd\TOTALCMD.EXE[2928] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779f0064 5 bytes JMP 000000011002fce0 .text C:\wincmd\TOTALCMD.EXE[2928] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779f0094 5 bytes JMP 000000011002e2a0 .text C:\wincmd\TOTALCMD.EXE[2928] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779f0398 5 bytes JMP 000000011002cc90 .text C:\wincmd\TOTALCMD.EXE[2928] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779f0530 5 bytes JMP 000000011002b520 .text C:\wincmd\TOTALCMD.EXE[2928] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779f0674 5 bytes JMP 000000011002f750 .text C:\wincmd\TOTALCMD.EXE[2928] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779f086c 5 bytes JMP 000000011002be90 .text C:\wincmd\TOTALCMD.EXE[2928] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779f0884 5 bytes JMP 000000011002c8f0 .text C:\wincmd\TOTALCMD.EXE[2928] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779f0dd4 5 bytes JMP 000000011002f540 .text C:\wincmd\TOTALCMD.EXE[2928] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779f0eb8 5 bytes JMP 000000011002f0c0 .text C:\wincmd\TOTALCMD.EXE[2928] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779f1bc4 5 bytes JMP 000000011002f300 .text C:\wincmd\TOTALCMD.EXE[2928] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779f1c94 5 bytes JMP 000000011002c520 .text C:\wincmd\TOTALCMD.EXE[2928] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779f1d6c 5 bytes JMP 000000011002eec0 .text C:\wincmd\TOTALCMD.EXE[2928] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077a0c45a 5 bytes JMP 0000000110027df0 .text C:\wincmd\TOTALCMD.EXE[2928] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a11217 7 bytes JMP 000000011001d1a0 .text C:\wincmd\TOTALCMD.EXE[2928] C:\windows\syswow64\kernel32.dll!CreateProcessW 0000000076cf103d 5 bytes JMP 0000000110024f30 .text C:\wincmd\TOTALCMD.EXE[2928] C:\windows\syswow64\kernel32.dll!CreateProcessA 0000000076cf1072 5 bytes JMP 0000000110025ac0 .text C:\wincmd\TOTALCMD.EXE[2928] C:\windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076d1c9b5 5 bytes JMP 0000000110023a60 .text C:\wincmd\TOTALCMD.EXE[2928] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000769bf776 5 bytes JMP 000000011001d1d0 .text C:\wincmd\TOTALCMD.EXE[2928] C:\windows\syswow64\GDI32.dll!DeleteDC 00000000770658b3 5 bytes JMP 0000000110028bc0 .text C:\wincmd\TOTALCMD.EXE[2928] C:\windows\syswow64\GDI32.dll!CreateDCA 0000000077067bcc 5 bytes JMP 0000000110029cc0 .text C:\wincmd\TOTALCMD.EXE[2928] C:\windows\syswow64\GDI32.dll!GetPixel 000000007706cbfb 5 bytes JMP 0000000110028990 .text C:\wincmd\TOTALCMD.EXE[2928] C:\windows\syswow64\GDI32.dll!CreateDCW 000000007706e743 5 bytes JMP 0000000110029bc0 .text C:\wincmd\TOTALCMD.EXE[2928] C:\windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076492538 5 bytes JMP 0000000110024390 .text C:\Programy\m3j0juz6.exe[2388] C:\windows\SysWOW64\ntdll.dll!NtClose 00000000779ef9c0 5 bytes JMP 000000011001d080 .text C:\Programy\m3j0juz6.exe[2388] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779efc90 5 bytes JMP 000000011002fac0 .text C:\Programy\m3j0juz6.exe[2388] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779efd44 5 bytes JMP 000000011002dfa0 .text C:\Programy\m3j0juz6.exe[2388] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779efda8 5 bytes JMP 000000011002ec30 .text C:\Programy\m3j0juz6.exe[2388] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779efea0 5 bytes JMP 000000011002c270 .text C:\Programy\m3j0juz6.exe[2388] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779eff84 5 bytes JMP 000000011002e640 .text C:\Programy\m3j0juz6.exe[2388] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779effe4 5 bytes JMP 000000011002ff20 .text C:\Programy\m3j0juz6.exe[2388] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779f0064 5 bytes JMP 000000011002fce0 .text C:\Programy\m3j0juz6.exe[2388] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779f0094 5 bytes JMP 000000011002e2a0 .text C:\Programy\m3j0juz6.exe[2388] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779f0398 5 bytes JMP 000000011002cc90 .text C:\Programy\m3j0juz6.exe[2388] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779f0530 5 bytes JMP 000000011002b520 .text C:\Programy\m3j0juz6.exe[2388] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779f0674 5 bytes JMP 000000011002f750 .text C:\Programy\m3j0juz6.exe[2388] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779f086c 5 bytes JMP 000000011002be90 .text C:\Programy\m3j0juz6.exe[2388] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779f0884 5 bytes JMP 000000011002c8f0 .text C:\Programy\m3j0juz6.exe[2388] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779f0dd4 5 bytes JMP 000000011002f540 .text C:\Programy\m3j0juz6.exe[2388] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779f0eb8 5 bytes JMP 000000011002f0c0 .text C:\Programy\m3j0juz6.exe[2388] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779f1bc4 5 bytes JMP 000000011002f300 .text C:\Programy\m3j0juz6.exe[2388] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779f1c94 5 bytes JMP 000000011002c520 .text C:\Programy\m3j0juz6.exe[2388] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779f1d6c 5 bytes JMP 000000011002eec0 .text C:\Programy\m3j0juz6.exe[2388] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077a0c45a 5 bytes JMP 0000000110027df0 .text C:\Programy\m3j0juz6.exe[2388] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a11217 7 bytes JMP 000000011001d1a0 .text C:\Programy\m3j0juz6.exe[2388] C:\windows\syswow64\kernel32.dll!CreateProcessW 0000000076cf103d 5 bytes JMP 0000000110024f30 .text C:\Programy\m3j0juz6.exe[2388] C:\windows\syswow64\kernel32.dll!CreateProcessA 0000000076cf1072 5 bytes JMP 0000000110025ac0 .text C:\Programy\m3j0juz6.exe[2388] C:\windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076d1c9b5 5 bytes JMP 0000000110023a60 .text C:\Programy\m3j0juz6.exe[2388] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000769bf776 5 bytes JMP 000000011001d1d0 .text C:\Programy\m3j0juz6.exe[2388] C:\windows\syswow64\GDI32.dll!DeleteDC 00000000770658b3 5 bytes JMP 0000000110028bc0 .text C:\Programy\m3j0juz6.exe[2388] C:\windows\syswow64\GDI32.dll!CreateDCA 0000000077067bcc 5 bytes JMP 0000000110029cc0 .text C:\Programy\m3j0juz6.exe[2388] C:\windows\syswow64\GDI32.dll!GetPixel 000000007706cbfb 5 bytes JMP 0000000110028990 .text C:\Programy\m3j0juz6.exe[2388] C:\windows\syswow64\GDI32.dll!CreateDCW 000000007706e743 5 bytes JMP 0000000110029bc0 .text C:\Programy\m3j0juz6.exe[2388] C:\windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076492538 5 bytes JMP 0000000110024390 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateThread] [1401cb1c0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\SHLWAPI.dll[KERNEL32.dll!LoadLibraryW] [1401cbf00] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\SHLWAPI.dll[KERNEL32.dll!GetModuleHandleA] [1401cc0d0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\SHLWAPI.dll[KERNEL32.dll!LoadLibraryA] [1401cbeb0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\SHLWAPI.dll[KERNEL32.dll!LoadLibraryExW] [1401cbfd0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [1401cc1f0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\SHLWAPI.dll[KERNEL32.dll!LoadLibraryExA] [1401cbf50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\SHLWAPI.dll[GDI32.dll!DeleteObject] [1401ca480] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassA] [1401cb2a0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [1401cb3f0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\SHLWAPI.dll[USER32.dll!GetSysColor] [1401ca410] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\SHLWAPI.dll[USER32.dll!GetSystemMetrics] [1401cb540] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\SHELL32.dll[USER32.dll!GetSysColorBrush] [1401ca4e0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\SHELL32.dll[USER32.dll!GetScrollInfo] [1401ca790] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\SHELL32.dll[USER32.dll!SystemParametersInfoW] [1401cb740] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\SHELL32.dll[USER32.dll!DrawEdge] [1401cbb20] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\SHELL32.dll[USER32.dll!AdjustWindowRectEx] [1401cb920] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\SHELL32.dll[USER32.dll!SetScrollInfo] [1401ca620] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\SHELL32.dll[USER32.dll!SetScrollPos] [1401ca560] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\SHELL32.dll[USER32.dll!CallWindowProcW] [1401ca840] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\SHELL32.dll[USER32.dll!GetSysColor] [1401ca410] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [1401cb3f0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\SHELL32.dll[USER32.dll!FillRect] [1401cba70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\ADVAPI32.dll[KERNEL32.dll!LoadLibraryExW] [1401cbfd0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\ADVAPI32.dll[KERNEL32.dll!GetProcAddress] [1401cc1f0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\ADVAPI32.dll[KERNEL32.dll!LoadLibraryA] [1401cbeb0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\ADVAPI32.dll[KERNEL32.dll!LoadLibraryW] [1401cbf00] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\ole32.dll[GDI32.dll!DeleteObject] [1401ca480] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\ole32.dll[USER32.dll!CallWindowProcW] [1401ca840] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\ole32.dll[USER32.dll!SystemParametersInfoW] [1401cb740] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\ole32.dll[USER32.dll!GetSystemMetrics] [1401cb540] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\ole32.dll[USER32.dll!GetSysColor] [1401ca410] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\ole32.dll[USER32.dll!RegisterClassW] [1401cb3f0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\ole32.dll[KERNEL32.dll!LoadLibraryA] [1401cbeb0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\ole32.dll[KERNEL32.dll!LoadLibraryW] [1401cbf00] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [1401cc1f0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\OLEAUT32.dll[KERNEL32.dll!LoadLibraryExA] [1401cbf50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\OLEAUT32.dll[KERNEL32.dll!LoadLibraryW] [1401cbf00] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\OLEAUT32.dll[KERNEL32.dll!CreateThread] [1401cb1c0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\OLEAUT32.dll[KERNEL32.dll!LoadLibraryA] [1401cbeb0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\OLEAUT32.dll[USER32.dll!RegisterClassW] [1401cb3f0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\OLEAUT32.dll[USER32.dll!SystemParametersInfoW] [1401cb740] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\OLEAUT32.dll[USER32.dll!GetSysColor] [1401ca410] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\OLEAUT32.dll[USER32.dll!GetSystemMetrics] [1401cb540] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\OLEAUT32.dll[GDI32.dll!DeleteObject] [1401ca480] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\IMM32.dll[USER32.dll!SystemParametersInfoW] [1401cb740] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\IMM32.dll[USER32.dll!DrawEdge] [1401cbb20] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\IMM32.dll[USER32.dll!GetSystemMetrics] [1401cb540] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\IMM32.dll[KERNEL32.dll!CreateThread] [1401cb1c0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\IMM32.dll[KERNEL32.dll!GetProcAddress] [1401cc1f0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\IMM32.dll[KERNEL32.dll!LoadLibraryW] [1401cbf00] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\IMM32.dll[GDI32.dll!DeleteObject] [1401ca480] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\CLBCatQ.DLL[KERNEL32.dll!LoadLibraryExA] [1401cbf50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\CLBCatQ.DLL[KERNEL32.dll!LoadLibraryExW] [1401cbfd0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [1401cc1f0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\system32\CLBCatQ.DLL[KERNEL32.dll!LoadLibraryW] [1401cbf00] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\System32\msxml3.dll[KERNEL32.dll!CreateThread] [1401cb1c0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\System32\msxml3.dll[KERNEL32.dll!GetProcAddress] [1401cc1f0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\System32\msxml3.dll[KERNEL32.dll!LoadLibraryExA] [1401cbf50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\System32\msxml3.dll[KERNEL32.dll!LoadLibraryExW] [1401cbfd0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\System32\msxml3.dll[KERNEL32.dll!LoadLibraryW] [1401cbf00] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\System32\msxml3.dll[KERNEL32.dll!LoadLibraryA] [1401cbeb0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[4880] @ C:\windows\System32\msxml3.dll[USER32.dll!RegisterClassW] [1401cb3f0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{44256D3B-E0CE-408D-83ED-C5E84859CFAE}\Connection@Name isatap.{5C4AFC89-2C32-4BF6-8756-850F243D229A} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{1F084F44-2DB8-4B1C-AB6E-B2D0C6E32CC2}?\Device\{44256D3B-E0CE-408D-83ED-C5E84859CFAE}?\Device\{F98D256A-6A93-438E-B19A-239157F6C5F7}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{1F084F44-2DB8-4B1C-AB6E-B2D0C6E32CC2}"?"{44256D3B-E0CE-408D-83ED-C5E84859CFAE}"?"{F98D256A-6A93-438E-B19A-239157F6C5F7}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{1F084F44-2DB8-4B1C-AB6E-B2D0C6E32CC2}?\Device\TCPIP6TUNNEL_{44256D3B-E0CE-408D-83ED-C5E84859CFAE}?\Device\TCPIP6TUNNEL_{F98D256A-6A93-438E-B19A-239157F6C5F7}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3957461d4 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f395f8fe6a Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{44256D3B-E0CE-408D-83ED-C5E84859CFAE}@InterfaceName isatap.{5C4AFC89-2C32-4BF6-8756-850F243D229A} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{44256D3B-E0CE-408D-83ED-C5E84859CFAE}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 11396 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3957461d4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f395f8fe6a (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy@Num 58 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1@LastID 1768 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\0@UID {FD755DF0-E1BF-4117-A0EB-962800A2188E} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\0@ID 1767 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\0\DestinationPort@PortStart 17655 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\0\DestinationPort@PortEnd 17655 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\1@UID {A895C2D6-CD3C-4793-AC7C-331E51B4267A} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\1@ID 1766 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\1\DestinationPort@PortStart 15343 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\1\DestinationPort@PortEnd 15343 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\10@UID {D5608C87-87AB-4EA8-9203-6D3228CB2522} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\10@ID 1757 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\10\DestinationPort@PortStart 17640 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\10\DestinationPort@PortEnd 17640 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\11@UID {9BF6146B-474B-4219-95E3-CA0F4B899F73} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\11@ID 1756 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\11\DestinationPort@PortStart 22998 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\11\DestinationPort@PortEnd 22998 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\12@UID {5D529025-B153-4546-AD88-38851B13AC65} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\12@ID 1755 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\12\DestinationPort@PortStart 64492 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\12\DestinationPort@PortEnd 64492 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\13@UID {282872A1-4B46-41EB-87DD-A576E23A963A} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\13@ID 1754 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\13\DestinationPort@PortStart 13055 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\13\DestinationPort@PortEnd 13055 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\14@UID {9DED6392-F1CC-4EDB-BAD5-877B98921567} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\14@ID 1753 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\14\DestinationPort@PortStart 13567 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\14\DestinationPort@PortEnd 13567 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\15@UID {47A0F412-2702-49AF-9D50-0104AFAFB0CC} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\15@ID 1752 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\15\DestinationPort@PortStart 58617 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\15\DestinationPort@PortEnd 58617 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\16@UID {931D2029-FA1F-4B08-A4FA-A59004E7D7B6} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\16@ID 1751 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\16\DestinationPort@PortStart 58361 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\16\DestinationPort@PortEnd 58361 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\17@UID {4F3DD5F9-51F8-442A-9CD5-C14DFE86087E} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\17@ID 1750 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\17@Protocol 2 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\17\DestinationPort@PortStart 13579 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\17\DestinationPort@PortEnd 13579 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\18@UID {8B7E8A75-0072-4E3F-881D-01B3E5E36A11} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\18@ID 1749 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\18@Protocol 1 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\18@IPProto 2 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\19@UID {623B2E04-C32C-42F2-BEC4-F73393D4CB4E} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\19@ID 1748 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\19@Protocol 4 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\19\DestinationPort Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\19\DestinationPort@Type 1 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\19\DestinationPort@SetName Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\19\DestinationPort@PortType 1 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\19\DestinationPort@PortStart 9681 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\19\DestinationPort@PortEnd 9681 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\19\SourcePort Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\19\SourcePort@Type 8 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\19\SourcePort@SetName Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\19\SourcePort@PortType 8 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\19\SourcePort@PortStart 0 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\19\SourcePort@PortEnd 65535 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\2@UID {5F75F00A-65FB-422F-9454-A222F8FAC92A} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\2@ID 1765 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\2\DestinationPort@PortStart 8147 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\2\DestinationPort@PortEnd 8147 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\20@UID {8E04CB90-EEA3-40DB-B4D5-21C75E2C88CC} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\20@ID 1747 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\20\DestinationPort@PortStart 9937 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\20\DestinationPort@PortEnd 9937 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\21@UID {4AC355D8-1070-4283-B6E6-5223F2852B78} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\21@ID 1746 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\21\DestinationPort@PortStart 3801 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\21\DestinationPort@PortEnd 3801 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\22@UID {2AE501E6-63B8-4798-ABBA-A03A0F757D8A} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\22@ID 1745 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\22\DestinationPort@PortStart 3289 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\22\DestinationPort@PortEnd 3289 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\23@UID {F20E7FA9-AB94-487A-B417-F16B4806047D} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\23@ID 1744 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\23\DestinationPort@PortStart 58101 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\23\DestinationPort@PortEnd 58101 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\24@UID {44AC17C8-692F-4084-8EA3-5C2015E47670} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\24@ID 1743 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\24\DestinationPort@PortStart 60395 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\24\DestinationPort@PortEnd 60395 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\25@UID {805B7F1F-5C2E-4068-ADBE-40EA2F73C24B} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\25@ID 1742 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\25\DestinationPort@PortStart 38875 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\25\DestinationPort@PortEnd 38875 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\26@UID {779BD2F1-C8DC-4FA7-A7A4-D958CDAE117C} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\26@ID 1741 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\26\DestinationPort@PortStart 8928 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\26\DestinationPort@PortEnd 8928 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\27@UID {ED884EE1-484B-4FD8-9D0C-64AFCBA09DEE} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\27@ID 1740 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\27\DestinationPort@PortStart 8416 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\27\DestinationPort@PortEnd 8416 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\28@UID {2A94BEDD-2CB1-444E-9DFA-03EA6887A192} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\28@ID 1739 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\28@Protocol 1 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\28@IPProto 58 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\29@UID {C7748DAA-88CB-485E-917C-0C726BFB651F} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\29@ID 1738 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\29@Protocol 4 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\29\DestinationPort Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\29\DestinationPort@Type 1 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\29\DestinationPort@SetName Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\29\DestinationPort@PortType 1 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\29\DestinationPort@PortStart 51163 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\29\DestinationPort@PortEnd 51163 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\29\SourcePort Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\29\SourcePort@Type 8 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\29\SourcePort@SetName Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\29\SourcePort@PortType 8 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\29\SourcePort@PortStart 0 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\29\SourcePort@PortEnd 65535 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\3@UID {5BA71205-1BA6-41DB-9BC2-B6E4BF7F658C} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\3@ID 1764 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\3\DestinationPort@PortStart 4295 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\3\DestinationPort@PortEnd 4295 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\30@UID {33D6B283-4C64-49DF-980B-26F5AF957352} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\30@ID 1737 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\30\DestinationPort@PortStart 41981 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\30\DestinationPort@PortEnd 41981 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\31@UID {846B20BE-AFA8-417A-A762-904699B08E3D} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\31@ID 1736 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\31\DestinationPort@PortStart 18923 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\31\DestinationPort@PortEnd 18923 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\32@UID {13DE1E12-A167-44E3-86FE-4A90999CD7B8} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\32@ID 1735 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\32\DestinationPort@PortStart 18411 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\32\DestinationPort@PortEnd 18411 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\33@UID {3E8C5BA2-8585-4719-B137-D340A899F1BE} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\33@ID 1734 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\33\DestinationPort@PortStart 13550 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\33\DestinationPort@PortEnd 13550 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\34@UID {B54605AA-ABC0-4ED4-ACEE-D87D719A7A16} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\34@ID 1733 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\34\DestinationPort@PortStart 13806 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\34\DestinationPort@PortEnd 13806 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\35@UID {CB513665-7936-445E-9011-ECD2741C4681} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\35@ID 1732 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\35\DestinationPort@PortStart 19957 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\35\DestinationPort@PortEnd 19957 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\36@UID {4239955B-5EF3-4BB2-8176-C977ACAA0716} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\36@ID 1731 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\36\DestinationPort@PortStart 19701 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\36\DestinationPort@PortEnd 19701 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\37@UID {81295BDF-7E68-47B5-B0ED-DE38A09C718F} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\37@ID 1730 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\37\DestinationPort@PortStart 19189 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\37\DestinationPort@PortEnd 19189 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\38@UID {BBEEAAB1-96F0-4C35-86B7-D3F5326486A9} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\38@ID 1729 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\38\DestinationPort@PortStart 18421 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\38\DestinationPort@PortEnd 18421 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\39@UID {CE1EFEF0-8381-49BB-A6E8-74AAB3CA3BAA} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\39@ID 1728 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\39@Protocol 2 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\39\DestinationPort@PortStart 47873 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\39\DestinationPort@PortEnd 47873 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\4@UID {F51426F6-3524-4E57-A1C5-AF38220FBB50} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\4@ID 1763 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\4\DestinationPort@PortStart 32749 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\4\DestinationPort@PortEnd 32749 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\40@UID {0538969D-B42B-4681-8AF1-4EFCACF78A4B} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\40@ID 1727 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\40@Protocol 4 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\40\DestinationPort@PortStart 31488 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\40\DestinationPort@PortEnd 31488 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\41@UID {CCE5D507-8C27-49C8-B497-40C7B619DB57} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\41@ID 1726 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\41\DestinationPort@PortStart 55309 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\41\DestinationPort@PortEnd 55309 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\42@UID {0A89AD42-F19B-403E-987E-BEB7B09CB51C} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\42@ID 1725 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\42@Protocol 2 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\42\DestinationPort@PortStart 20480 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\42\DestinationPort@PortEnd 20480 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\43@UID {A007032F-8F2F-45FD-A2D0-57724E4FF2A6} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\43@ID 1724 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\43@Protocol 4 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\43\DestinationPort@PortStart 53963 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\43\DestinationPort@PortEnd 53963 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\44@UID {AE1E8980-B5C5-4DD3-A81A-C14E009CB1E6} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\44@ID 1723 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\44\DestinationPort@PortStart 53451 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\44\DestinationPort@PortEnd 53451 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\45@UID {BA454200-2D28-45A8-9D02-3D50D18640A5} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\45@ID 1722 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\45\DestinationPort@PortStart 27655 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\45\DestinationPort@PortEnd 27655 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\46@UID {9CD076C2-4D68-46C4-8404-B011A83E84B4} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\46@ID 1721 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\46\DestinationPort@PortStart 52683 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\46\DestinationPort@PortEnd 52683 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\47@UID {25603A32-278F-4ED4-ADF7-831C0DB50467} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\47@ID 1720 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\47@Protocol 2 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\47\DestinationPort@PortStart 60692 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\47\DestinationPort@PortEnd 60692 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\48@UID {D8B3EB21-F781-488E-81A8-607329ACC638} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\48@ID 1719 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\48@Protocol 4 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\5@UID {118D17FA-4FB0-477C-82CE-D77DEDFF4FC1} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\5@ID 1762 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\5\DestinationPort@PortStart 14831 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\5\DestinationPort@PortEnd 14831 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\6@UID {1A3EBF81-2069-4B6A-9365-DD76E07B5A8E} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\6@ID 1761 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\6\DestinationPort@PortStart 3281 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\6\DestinationPort@PortEnd 3281 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\7@UID {A0B777DE-3FFB-4D9F-9688-9B5FD6D77889} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\7@ID 1760 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\7\DestinationPort@PortStart 3025 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\7\DestinationPort@PortEnd 3025 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\8@UID {1C8BB1C2-9B54-4979-9251-E3EC8B18E78A} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\8@ID 1759 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\8\DestinationPort@PortStart 39146 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\8\DestinationPort@PortEnd 39146 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\9@UID {BCC552E5-106F-4914-A1E9-D05EB98F71EB} Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\9@ID 1758 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\9\DestinationPort@PortStart 18152 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\1\Rules\9\DestinationPort@PortEnd 18152 Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro\Data@Timestamp.{40210ABD-EB84-4326-AEF8-709448FA2BAE} 0x3F 0x49 0x5B 0x51 ... ---- EOF - GMER 2.1 ----