GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-04-25 00:01:01 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0002 465,76GB Running: kkf47tyn.exe; Driver: C:\Users\MATOS\AppData\Local\Temp\fgloypog.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\system32\drivers\USBPORT.SYS!DllUnload fffff88003db1ca8 12 bytes {MOV RAX, 0xfffffa8004a942a0; JMP RAX} ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777cf760 5 bytes JMP 0000000077930380 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777cf7b0 5 bytes JMP 0000000077930370 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777cf960 5 bytes JMP 0000000077930390 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777cfa20 5 bytes JMP 0000000077930320 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777cfab0 5 bytes JMP 00000000779302e0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777cfb30 5 bytes JMP 00000000779302d0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777cfb50 5 bytes JMP 0000000077930310 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777cfd40 5 bytes JMP 0000000077930230 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777cff00 5 bytes JMP 00000000779303a0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777d0010 5 bytes JMP 00000000779302f0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777d0020 5 bytes JMP 0000000077930350 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777d0080 5 bytes JMP 0000000077930290 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777d0110 5 bytes JMP 00000000779302b0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777d0140 5 bytes JMP 0000000077930330 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777d01e0 5 bytes JMP 0000000077930240 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777d04a0 5 bytes JMP 00000000779301e0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777d0560 5 bytes JMP 0000000077930250 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777d0590 5 bytes JMP 00000000779303b0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777d05a0 5 bytes JMP 00000000779303c0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777d05d0 5 bytes JMP 0000000077930300 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777d05e0 5 bytes JMP 0000000077930360 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777d0640 5 bytes JMP 00000000779302a0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777d0690 5 bytes JMP 00000000779302c0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777d06d0 5 bytes JMP 0000000077930340 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777d0bc0 5 bytes JMP 0000000077930260 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777d0bd0 5 bytes JMP 0000000077930270 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777d0da0 5 bytes JMP 00000000779301f0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777d0db0 5 bytes JMP 0000000077930210 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777d0e20 5 bytes JMP 0000000077930200 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777d0ea0 5 bytes JMP 0000000077930220 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777d0f80 5 bytes JMP 0000000077930280 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777cf760 5 bytes JMP 0000000077930380 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777cf7b0 5 bytes JMP 0000000077930370 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777cf960 5 bytes JMP 0000000077930390 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777cfa20 5 bytes JMP 0000000077930320 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777cfab0 5 bytes JMP 00000000779302e0 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777cfb30 5 bytes JMP 00000000779302d0 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777cfb50 5 bytes JMP 0000000077930310 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777cfd40 5 bytes JMP 0000000077930230 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777cff00 5 bytes JMP 00000000779303a0 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777d0010 5 bytes JMP 00000000779302f0 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777d0020 5 bytes JMP 0000000077930350 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777d0080 5 bytes JMP 0000000077930290 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777d0110 5 bytes JMP 00000000779302b0 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777d0140 5 bytes JMP 0000000077930330 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777d01e0 5 bytes JMP 0000000077930240 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777d04a0 5 bytes JMP 00000000779301e0 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777d0560 5 bytes JMP 0000000077930250 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777d0590 5 bytes JMP 00000000779303b0 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777d05a0 5 bytes JMP 00000000779303c0 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777d05d0 5 bytes JMP 0000000077930300 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777d05e0 5 bytes JMP 0000000077930360 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777d0640 5 bytes JMP 00000000779302a0 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777d0690 5 bytes JMP 00000000779302c0 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777d06d0 5 bytes JMP 0000000077930340 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777d0bc0 5 bytes JMP 0000000077930260 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777d0bd0 5 bytes JMP 0000000077930270 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777d0da0 5 bytes JMP 00000000779301f0 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777d0db0 5 bytes JMP 0000000077930210 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777d0e20 5 bytes JMP 0000000077930200 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777d0ea0 5 bytes JMP 0000000077930220 .text C:\Windows\system32\csrss.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777d0f80 5 bytes JMP 0000000077930280 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777a2c90 5 bytes JMP 00000001004200ac .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777b4420 5 bytes JMP 000000010042004c .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777cf760 5 bytes JMP 0000000077930380 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777cf7b0 5 bytes JMP 0000000077930370 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777cf830 5 bytes JMP 000000010042010c .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777cf890 5 bytes JMP 000000010042016c .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777cf960 5 bytes JMP 0000000077930390 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777cfa20 5 bytes JMP 0000000077930320 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777cfab0 5 bytes JMP 00000000779302e0 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777cfb30 5 bytes JMP 00000000779302d0 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777cfb50 5 bytes JMP 0000000077930310 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777cfbb0 5 bytes JMP 00000001004201cc .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777cfd40 5 bytes JMP 0000000077930230 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777cff00 5 bytes JMP 00000000779303a0 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777d0010 5 bytes JMP 00000000779302f0 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777d0020 5 bytes JMP 0000000077930350 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777d0080 5 bytes JMP 0000000077930290 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777d0110 5 bytes JMP 00000000779302b0 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777d0140 5 bytes JMP 0000000077930330 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777d01e0 5 bytes JMP 0000000077930240 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777d04a0 5 bytes JMP 00000000779301e0 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777d0560 5 bytes JMP 0000000077930250 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777d0590 5 bytes JMP 00000000779303b0 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777d05a0 5 bytes JMP 00000000779303c0 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777d05d0 5 bytes JMP 0000000077930300 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777d05e0 5 bytes JMP 0000000077930360 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777d0640 5 bytes JMP 00000000779302a0 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777d0690 5 bytes JMP 00000000779302c0 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777d06d0 5 bytes JMP 0000000077930340 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777d0bc0 5 bytes JMP 0000000077930260 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777d0bd0 5 bytes JMP 0000000077930270 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777d0da0 5 bytes JMP 00000000779301f0 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777d0db0 5 bytes JMP 0000000077930210 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777d0e20 5 bytes JMP 0000000077930200 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777d0ea0 5 bytes JMP 0000000077930220 .text C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777d0f80 5 bytes JMP 0000000077930280 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777a2c90 5 bytes JMP 00000001001e00ac .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777b4420 5 bytes JMP 00000001001e004c .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777cf760 5 bytes JMP 0000000077930380 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777cf7b0 5 bytes JMP 0000000077930370 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777cf830 5 bytes JMP 00000001001e010c .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777cf890 5 bytes JMP 00000001001e016c .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777cf960 5 bytes JMP 0000000077930390 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777cfa20 5 bytes JMP 0000000077930320 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777cfab0 5 bytes JMP 00000000779302e0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777cfb30 5 bytes JMP 00000000779302d0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777cfb50 5 bytes JMP 0000000077930310 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777cfbb0 5 bytes JMP 00000001001e01cc .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777cfd40 5 bytes JMP 0000000077930230 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777cff00 5 bytes JMP 00000000779303a0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777d0010 5 bytes JMP 00000000779302f0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777d0020 5 bytes JMP 0000000077930350 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777d0080 5 bytes JMP 0000000077930290 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777d0110 5 bytes JMP 00000000779302b0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777d0140 5 bytes JMP 0000000077930330 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777d01e0 5 bytes JMP 0000000077930240 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777d04a0 5 bytes JMP 00000000779301e0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777d0560 5 bytes JMP 0000000077930250 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777d0590 5 bytes JMP 00000000779303b0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777d05a0 5 bytes JMP 00000000779303c0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777d05d0 5 bytes JMP 0000000077930300 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777d05e0 5 bytes JMP 0000000077930360 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777d0640 5 bytes JMP 00000000779302a0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777d0690 5 bytes JMP 00000000779302c0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777d06d0 5 bytes JMP 0000000077930340 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777d0bc0 5 bytes JMP 0000000077930260 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777d0bd0 5 bytes JMP 0000000077930270 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777d0da0 5 bytes JMP 00000000779301f0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777d0db0 5 bytes JMP 0000000077930210 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777d0e20 5 bytes JMP 0000000077930200 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777d0ea0 5 bytes JMP 0000000077930220 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777d0f80 5 bytes JMP 0000000077930280 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777a2c90 5 bytes JMP 00000001002b00ac .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777b4420 5 bytes JMP 00000001002b004c .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777cf760 5 bytes JMP 0000000077930380 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777cf7b0 5 bytes JMP 0000000077930370 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777cf830 5 bytes JMP 00000001002b010c .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777cf890 5 bytes JMP 00000001002b016c .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777cf960 5 bytes JMP 0000000077930390 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777cfa20 5 bytes JMP 0000000077930320 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777cfab0 5 bytes JMP 00000000779302e0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777cfb30 5 bytes JMP 00000000779302d0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777cfb50 5 bytes JMP 0000000077930310 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777cfbb0 5 bytes JMP 00000001002b01cc .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777cfd40 5 bytes JMP 0000000077930230 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777cff00 5 bytes JMP 00000000779303a0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777d0010 5 bytes JMP 00000000779302f0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777d0020 5 bytes JMP 0000000077930350 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777d0080 5 bytes JMP 0000000077930290 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777d0110 5 bytes JMP 00000000779302b0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777d0140 5 bytes JMP 0000000077930330 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777d01e0 5 bytes JMP 0000000077930240 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777d04a0 5 bytes JMP 00000000779301e0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777d0560 5 bytes JMP 0000000077930250 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777d0590 5 bytes JMP 00000000779303b0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777d05a0 5 bytes JMP 00000000779303c0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777d05d0 5 bytes JMP 0000000077930300 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777d05e0 5 bytes JMP 0000000077930360 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777d0640 5 bytes JMP 00000000779302a0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777d0690 5 bytes JMP 00000000779302c0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777d06d0 5 bytes JMP 0000000077930340 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777d0bc0 5 bytes JMP 0000000077930260 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777d0bd0 5 bytes JMP 0000000077930270 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777d0da0 5 bytes JMP 00000000779301f0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777d0db0 5 bytes JMP 0000000077930210 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777d0e20 5 bytes JMP 0000000077930200 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777d0ea0 5 bytes JMP 0000000077930220 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777d0f80 5 bytes JMP 0000000077930280 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777a2c90 5 bytes JMP 00000001001b00ac .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777b4420 5 bytes JMP 00000001001b004c .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777cf760 5 bytes JMP 0000000077930380 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777cf7b0 5 bytes JMP 0000000077930370 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777cf830 5 bytes JMP 00000001001b010c .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777cf890 5 bytes JMP 00000001001b016c .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777cf960 5 bytes JMP 0000000077930390 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777cfa20 5 bytes JMP 0000000077930320 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777cfab0 5 bytes JMP 00000000779302e0 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777cfb30 5 bytes JMP 00000000779302d0 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777cfb50 5 bytes JMP 0000000077930310 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777cfbb0 5 bytes JMP 00000001001b01cc .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777cfd40 5 bytes JMP 0000000077930230 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777cff00 5 bytes JMP 00000000779303a0 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777d0010 5 bytes JMP 00000000779302f0 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777d0020 5 bytes JMP 0000000077930350 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777d0080 5 bytes JMP 0000000077930290 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777d0110 5 bytes JMP 00000000779302b0 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777d0140 5 bytes JMP 0000000077930330 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777d01e0 5 bytes JMP 0000000077930240 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777d04a0 5 bytes JMP 00000000779301e0 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777d0560 5 bytes JMP 0000000077930250 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777d0590 5 bytes JMP 00000000779303b0 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777d05a0 5 bytes JMP 00000000779303c0 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777d05d0 5 bytes JMP 0000000077930300 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777d05e0 5 bytes JMP 0000000077930360 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777d0640 5 bytes JMP 00000000779302a0 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777d0690 5 bytes JMP 00000000779302c0 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777d06d0 5 bytes JMP 0000000077930340 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777d0bc0 5 bytes JMP 0000000077930260 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777d0bd0 5 bytes JMP 0000000077930270 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777d0da0 5 bytes JMP 00000000779301f0 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777d0db0 5 bytes JMP 0000000077930210 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777d0e20 5 bytes JMP 0000000077930200 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777d0ea0 5 bytes JMP 0000000077930220 .text C:\Windows\System32\svchost.exe[368] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777d0f80 5 bytes JMP 0000000077930280 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777a2c90 5 bytes JMP 00000001001d00ac .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777b4420 5 bytes JMP 00000001001d004c .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777cf760 5 bytes JMP 0000000077930380 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777cf7b0 5 bytes JMP 0000000077930370 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777cf830 5 bytes JMP 00000001001d010c .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777cf890 5 bytes JMP 00000001001d016c .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777cf960 5 bytes JMP 0000000077930390 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777cfa20 5 bytes JMP 0000000077930320 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777cfab0 5 bytes JMP 00000000779302e0 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777cfb30 5 bytes JMP 00000000779302d0 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777cfb50 5 bytes JMP 0000000077930310 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777cfbb0 5 bytes JMP 00000001001d01cc .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777cfd40 5 bytes JMP 0000000077930230 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777cff00 5 bytes JMP 00000000779303a0 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777d0010 5 bytes JMP 00000000779302f0 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777d0020 5 bytes JMP 0000000077930350 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777d0080 5 bytes JMP 0000000077930290 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777d0110 5 bytes JMP 00000000779302b0 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777d0140 5 bytes JMP 0000000077930330 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777d01e0 5 bytes JMP 0000000077930240 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777d04a0 5 bytes JMP 00000000779301e0 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777d0560 5 bytes JMP 0000000077930250 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777d0590 5 bytes JMP 00000000779303b0 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777d05a0 5 bytes JMP 00000000779303c0 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777d05d0 5 bytes JMP 0000000077930300 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777d05e0 5 bytes JMP 0000000077930360 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777d0640 5 bytes JMP 00000000779302a0 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777d0690 5 bytes JMP 00000000779302c0 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777d06d0 5 bytes JMP 0000000077930340 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777d0bc0 5 bytes JMP 0000000077930260 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777d0bd0 5 bytes JMP 0000000077930270 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777d0da0 5 bytes JMP 00000000779301f0 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777d0db0 5 bytes JMP 0000000077930210 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777d0e20 5 bytes JMP 0000000077930200 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777d0ea0 5 bytes JMP 0000000077930220 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777d0f80 5 bytes JMP 0000000077930280 .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff876e00 5 bytes JMP 000007ff7f8902ec .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff876f2c 5 bytes JMP 000007ff7f89016c .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff877220 5 bytes JMP 000007ff7f8901cc .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff87739c 1 byte JMP 000007ff7f89022c .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A + 2 000007feff87739e 3 bytes {JMP 0xffffffff80018e90} .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff877538 5 bytes JMP 000007ff7f89028c .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff8775e8 5 bytes JMP 000007ff7f89004c .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff87790c 5 bytes JMP 000007ff7f8900ac .text C:\Windows\System32\svchost.exe[680] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff877ab4 5 bytes JMP 000007ff7f89010c .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777a2c90 5 bytes JMP 00000001004000ac .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777b4420 5 bytes JMP 000000010040004c .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777cf760 5 bytes JMP 0000000077930380 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777cf7b0 5 bytes JMP 0000000077930370 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777cf830 5 bytes JMP 000000010040010c .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777cf890 5 bytes JMP 000000010040016c .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777cf960 5 bytes JMP 0000000077930390 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777cfa20 5 bytes JMP 0000000077930320 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777cfab0 5 bytes JMP 00000000779302e0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777cfb30 5 bytes JMP 00000000779302d0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777cfb50 5 bytes JMP 0000000077930310 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777cfbb0 5 bytes JMP 00000001004001cc .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777cfd40 5 bytes JMP 0000000077930230 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777cff00 5 bytes JMP 00000000779303a0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777d0010 5 bytes JMP 00000000779302f0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777d0020 5 bytes JMP 0000000077930350 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777d0080 5 bytes JMP 0000000077930290 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777d0110 5 bytes JMP 00000000779302b0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777d0140 5 bytes JMP 0000000077930330 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777d01e0 5 bytes JMP 0000000077930240 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777d04a0 5 bytes JMP 00000000779301e0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777d0560 5 bytes JMP 0000000077930250 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777d0590 5 bytes JMP 00000000779303b0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777d05a0 5 bytes JMP 00000000779303c0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777d05d0 5 bytes JMP 0000000077930300 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777d05e0 5 bytes JMP 0000000077930360 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777d0640 5 bytes JMP 00000000779302a0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777d0690 5 bytes JMP 00000000779302c0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777d06d0 5 bytes JMP 0000000077930340 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777d0bc0 5 bytes JMP 0000000077930260 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777d0bd0 5 bytes JMP 0000000077930270 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777d0da0 5 bytes JMP 00000000779301f0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777d0db0 5 bytes JMP 0000000077930210 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777d0e20 5 bytes JMP 0000000077930200 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777d0ea0 5 bytes JMP 0000000077930220 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777d0f80 5 bytes JMP 0000000077930280 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff876e00 5 bytes JMP 000007ff7f8902ec .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff876f2c 5 bytes JMP 000007ff7f89016c .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff877220 5 bytes JMP 000007ff7f8901cc .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff87739c 1 byte JMP 000007ff7f89022c .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A + 2 000007feff87739e 3 bytes {JMP 0xffffffff80018e90} .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff877538 5 bytes JMP 000007ff7f89028c .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff8775e8 5 bytes JMP 000007ff7f89004c .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff87790c 5 bytes JMP 000007ff7f8900ac .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff877ab4 5 bytes JMP 000007ff7f89010c .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777a2c90 5 bytes JMP 00000001003b00ac .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777b4420 5 bytes JMP 00000001003b004c .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777cf760 5 bytes JMP 0000000077930380 .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777cf7b0 5 bytes JMP 0000000077930370 .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777cf830 5 bytes JMP 00000001003b010c .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777cf890 5 bytes JMP 00000001003b016c .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777cf960 5 bytes JMP 0000000077930390 .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777cfa20 5 bytes JMP 0000000077930320 .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777cfab0 5 bytes JMP 00000000779302e0 .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777cfb30 5 bytes JMP 00000000779302d0 .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777cfb50 5 bytes JMP 0000000077930310 .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777cfbb0 5 bytes JMP 00000001003b01cc .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777cfd40 5 bytes JMP 0000000077930230 .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777cff00 5 bytes JMP 00000000779303a0 .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777d0010 5 bytes JMP 00000000779302f0 .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777d0020 5 bytes JMP 0000000077930350 .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777d0080 5 bytes JMP 0000000077930290 .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777d0110 5 bytes JMP 00000000779302b0 .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777d0140 5 bytes JMP 0000000077930330 .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777d01e0 5 bytes JMP 0000000077930240 .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777d04a0 5 bytes JMP 00000000779301e0 .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777d0560 5 bytes JMP 0000000077930250 .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777d0590 5 bytes JMP 00000000779303b0 .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777d05a0 5 bytes JMP 00000000779303c0 .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777d05d0 5 bytes JMP 0000000077930300 .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777d05e0 5 bytes JMP 0000000077930360 .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777d0640 5 bytes JMP 00000000779302a0 .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777d0690 5 bytes JMP 00000000779302c0 .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777d06d0 5 bytes JMP 0000000077930340 .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777d0bc0 5 bytes JMP 0000000077930260 .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777d0bd0 5 bytes JMP 0000000077930270 .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777d0da0 5 bytes JMP 00000000779301f0 .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777d0db0 5 bytes JMP 0000000077930210 .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777d0e20 5 bytes JMP 0000000077930200 .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777d0ea0 5 bytes JMP 0000000077930220 .text C:\Windows\system32\svchost.exe[1240] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777d0f80 5 bytes JMP 0000000077930280 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777a2c90 5 bytes JMP 00000001002900ac .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777b4420 5 bytes JMP 000000010029004c .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777cf760 5 bytes JMP 0000000077930380 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777cf7b0 5 bytes JMP 0000000077930370 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777cf830 5 bytes JMP 000000010029010c .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777cf890 5 bytes JMP 000000010029016c .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777cf960 5 bytes JMP 0000000077930390 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777cfa20 5 bytes JMP 0000000077930320 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777cfab0 5 bytes JMP 00000000779302e0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777cfb30 5 bytes JMP 00000000779302d0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777cfb50 5 bytes JMP 0000000077930310 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777cfbb0 5 bytes JMP 00000001002901cc .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777cfd40 5 bytes JMP 0000000077930230 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777cff00 5 bytes JMP 00000000779303a0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777d0010 5 bytes JMP 00000000779302f0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777d0020 5 bytes JMP 0000000077930350 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777d0080 5 bytes JMP 0000000077930290 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777d0110 5 bytes JMP 00000000779302b0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777d0140 5 bytes JMP 0000000077930330 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777d01e0 5 bytes JMP 0000000077930240 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777d04a0 5 bytes JMP 00000000779301e0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777d0560 5 bytes JMP 0000000077930250 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777d0590 5 bytes JMP 00000000779303b0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777d05a0 5 bytes JMP 00000000779303c0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777d05d0 5 bytes JMP 0000000077930300 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777d05e0 5 bytes JMP 0000000077930360 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777d0640 5 bytes JMP 00000000779302a0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777d0690 5 bytes JMP 00000000779302c0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777d06d0 5 bytes JMP 0000000077930340 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777d0bc0 5 bytes JMP 0000000077930260 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777d0bd0 5 bytes JMP 0000000077930270 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777d0da0 5 bytes JMP 00000000779301f0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777d0db0 5 bytes JMP 0000000077930210 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777d0e20 5 bytes JMP 0000000077930200 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777d0ea0 5 bytes JMP 0000000077930220 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777d0f80 5 bytes JMP 0000000077930280 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777a2c90 5 bytes JMP 00000001003500ac .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777b4420 5 bytes JMP 000000010035004c .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777cf760 5 bytes JMP 0000000077930380 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777cf7b0 5 bytes JMP 0000000077930370 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777cf830 3 bytes JMP 000000010035010c .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 4 00000000777cf834 1 byte [88] .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777cf890 3 bytes JMP 000000010035016c .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 4 00000000777cf894 1 byte [88] .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777cf960 5 bytes JMP 0000000077930390 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777cfa20 5 bytes JMP 0000000077930320 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777cfab0 5 bytes JMP 00000000779302e0 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777cfb30 5 bytes JMP 00000000779302d0 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777cfb50 5 bytes JMP 0000000077930310 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777cfbb0 3 bytes JMP 00000001003501cc .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 4 00000000777cfbb4 1 byte [88] .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777cfd40 5 bytes JMP 0000000077930230 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777cff00 5 bytes JMP 00000000779303a0 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777d0010 5 bytes JMP 00000000779302f0 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777d0020 5 bytes JMP 0000000077930350 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777d0080 5 bytes JMP 0000000077930290 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777d0110 5 bytes JMP 00000000779302b0 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777d0140 5 bytes JMP 0000000077930330 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777d01e0 5 bytes JMP 0000000077930240 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777d04a0 5 bytes JMP 00000000779301e0 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777d0560 5 bytes JMP 0000000077930250 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777d0590 5 bytes JMP 00000000779303b0 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777d05a0 5 bytes JMP 00000000779303c0 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777d05d0 5 bytes JMP 0000000077930300 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777d05e0 5 bytes JMP 0000000077930360 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777d0640 5 bytes JMP 00000000779302a0 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777d0690 5 bytes JMP 00000000779302c0 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777d06d0 5 bytes JMP 0000000077930340 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777d0bc0 5 bytes JMP 0000000077930260 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777d0bd0 5 bytes JMP 0000000077930270 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777d0da0 5 bytes JMP 00000000779301f0 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777d0db0 5 bytes JMP 0000000077930210 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777d0e20 5 bytes JMP 0000000077930200 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777d0ea0 5 bytes JMP 0000000077930220 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777d0f80 5 bytes JMP 0000000077930280 .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff876e00 5 bytes JMP 000007ff7f8902ec .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff876f2c 5 bytes JMP 000007ff7f89016c .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff877220 5 bytes JMP 000007ff7f8901cc .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff87739c 1 byte JMP 000007ff7f89022c .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A + 2 000007feff87739e 3 bytes {JMP 0xffffffff80018e90} .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff877538 5 bytes JMP 000007ff7f89028c .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff8775e8 5 bytes JMP 000007ff7f89004c .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff87790c 5 bytes JMP 000007ff7f8900ac .text C:\Windows\system32\svchost.exe[2040] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff877ab4 5 bytes JMP 000007ff7f89010c .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007797fa50 5 bytes JMP 00000001000800a8 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007797fae8 5 bytes JMP 00000001000800e4 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007797ffc8 5 bytes JMP 0000000100080120 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2052] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007799c4aa 5 bytes JMP 0000000100080030 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2052] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779a1247 5 bytes JMP 000000010008006c .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777a2c90 5 bytes JMP 00000001003300ac .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777b4420 5 bytes JMP 000000010033004c .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777cf760 5 bytes JMP 0000000077930380 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777cf7b0 5 bytes JMP 0000000077930370 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777cf830 5 bytes JMP 000000010033010c .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777cf890 5 bytes JMP 000000010033016c .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777cf960 5 bytes JMP 0000000077930390 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777cfa20 5 bytes JMP 0000000077930320 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777cfab0 5 bytes JMP 00000000779302e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777cfb30 5 bytes JMP 00000000779302d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777cfb50 5 bytes JMP 0000000077930310 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777cfbb0 5 bytes JMP 00000001003301cc .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777cfd40 5 bytes JMP 0000000077930230 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777cff00 5 bytes JMP 00000000779303a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777d0010 5 bytes JMP 00000000779302f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777d0020 5 bytes JMP 0000000077930350 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777d0080 5 bytes JMP 0000000077930290 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777d0110 5 bytes JMP 00000000779302b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777d0140 5 bytes JMP 0000000077930330 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777d01e0 5 bytes JMP 0000000077930240 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777d04a0 5 bytes JMP 00000000779301e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777d0560 5 bytes JMP 0000000077930250 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777d0590 5 bytes JMP 00000000779303b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777d05a0 5 bytes JMP 00000000779303c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777d05d0 5 bytes JMP 0000000077930300 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777d05e0 5 bytes JMP 0000000077930360 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777d0640 5 bytes JMP 00000000779302a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777d0690 5 bytes JMP 00000000779302c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777d06d0 5 bytes JMP 0000000077930340 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777d0bc0 5 bytes JMP 0000000077930260 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777d0bd0 5 bytes JMP 0000000077930270 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777d0da0 5 bytes JMP 00000000779301f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777d0db0 5 bytes JMP 0000000077930210 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777d0e20 5 bytes JMP 0000000077930200 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777d0ea0 5 bytes JMP 0000000077930220 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777d0f80 5 bytes JMP 0000000077930280 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777a2c90 5 bytes JMP 00000001003900ac .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777b4420 5 bytes JMP 000000010039004c .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777cf760 5 bytes JMP 0000000077930380 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777cf7b0 5 bytes JMP 0000000077930370 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777cf830 5 bytes JMP 000000010039010c .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777cf890 5 bytes JMP 000000010039016c .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777cf960 5 bytes JMP 0000000077930390 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777cfa20 5 bytes JMP 0000000077930320 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777cfab0 5 bytes JMP 00000000779302e0 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777cfb30 5 bytes JMP 00000000779302d0 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777cfb50 5 bytes JMP 0000000077930310 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777cfbb0 5 bytes JMP 00000001003901cc .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777cfd40 5 bytes JMP 0000000077930230 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777cff00 5 bytes JMP 00000000779303a0 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777d0010 5 bytes JMP 00000000779302f0 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777d0020 5 bytes JMP 0000000077930350 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777d0080 5 bytes JMP 0000000077930290 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777d0110 5 bytes JMP 00000000779302b0 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777d0140 5 bytes JMP 0000000077930330 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777d01e0 5 bytes JMP 0000000077930240 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777d04a0 5 bytes JMP 00000000779301e0 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777d0560 5 bytes JMP 0000000077930250 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777d0590 5 bytes JMP 00000000779303b0 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777d05a0 5 bytes JMP 00000000779303c0 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777d05d0 5 bytes JMP 0000000077930300 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777d05e0 5 bytes JMP 0000000077930360 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777d0640 5 bytes JMP 00000000779302a0 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777d0690 5 bytes JMP 00000000779302c0 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777d06d0 5 bytes JMP 0000000077930340 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777d0bc0 5 bytes JMP 0000000077930260 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777d0bd0 5 bytes JMP 0000000077930270 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777d0da0 5 bytes JMP 00000000779301f0 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777d0db0 5 bytes JMP 0000000077930210 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777d0e20 5 bytes JMP 0000000077930200 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777d0ea0 5 bytes JMP 0000000077930220 .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777d0f80 5 bytes JMP 0000000077930280 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777a2c90 5 bytes JMP 00000001001000ac .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777b4420 5 bytes JMP 000000010010004c .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777cf760 5 bytes JMP 0000000077930380 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777cf7b0 5 bytes JMP 0000000077930370 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777cf830 5 bytes JMP 000000010010010c .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777cf890 5 bytes JMP 000000010010016c .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777cf960 5 bytes JMP 0000000077930390 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777cfa20 5 bytes JMP 0000000077930320 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777cfab0 5 bytes JMP 00000000779302e0 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777cfb30 5 bytes JMP 00000000779302d0 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777cfb50 5 bytes JMP 0000000077930310 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777cfbb0 5 bytes JMP 00000001001001cc .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777cfd40 5 bytes JMP 0000000077930230 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777cff00 5 bytes JMP 00000000779303a0 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777d0010 5 bytes JMP 00000000779302f0 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777d0020 5 bytes JMP 0000000077930350 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777d0080 5 bytes JMP 0000000077930290 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777d0110 5 bytes JMP 00000000779302b0 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777d0140 5 bytes JMP 0000000077930330 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777d01e0 5 bytes JMP 0000000077930240 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777d04a0 5 bytes JMP 00000000779301e0 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777d0560 5 bytes JMP 0000000077930250 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777d0590 5 bytes JMP 00000000779303b0 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777d05a0 5 bytes JMP 00000000779303c0 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777d05d0 5 bytes JMP 0000000077930300 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777d05e0 5 bytes JMP 0000000077930360 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777d0640 5 bytes JMP 00000000779302a0 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777d0690 5 bytes JMP 00000000779302c0 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777d06d0 5 bytes JMP 0000000077930340 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777d0bc0 5 bytes JMP 0000000077930260 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777d0bd0 5 bytes JMP 0000000077930270 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777d0da0 5 bytes JMP 00000000779301f0 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777d0db0 5 bytes JMP 0000000077930210 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777d0e20 5 bytes JMP 0000000077930200 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777d0ea0 5 bytes JMP 0000000077930220 .text C:\Windows\system32\taskhost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777d0f80 5 bytes JMP 0000000077930280 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777a2c90 5 bytes JMP 00000001000e00ac .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777b4420 5 bytes JMP 00000001000e004c .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777cf760 5 bytes JMP 0000000077930380 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777cf7b0 5 bytes JMP 0000000077930370 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777cf830 5 bytes JMP 00000001000e010c .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777cf890 5 bytes JMP 00000001000e016c .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777cf960 5 bytes JMP 0000000077930390 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777cfa20 5 bytes JMP 0000000077930320 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777cfab0 5 bytes JMP 00000000779302e0 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777cfb30 5 bytes JMP 00000000779302d0 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777cfb50 5 bytes JMP 0000000077930310 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777cfbb0 5 bytes JMP 00000001000e01cc .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777cfd40 5 bytes JMP 0000000077930230 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777cff00 5 bytes JMP 00000000779303a0 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777d0010 5 bytes JMP 00000000779302f0 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777d0020 5 bytes JMP 0000000077930350 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777d0080 5 bytes JMP 0000000077930290 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777d0110 5 bytes JMP 00000000779302b0 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777d0140 5 bytes JMP 0000000077930330 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777d01e0 5 bytes JMP 0000000077930240 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777d04a0 5 bytes JMP 00000000779301e0 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777d0560 5 bytes JMP 0000000077930250 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777d0590 5 bytes JMP 00000000779303b0 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777d05a0 5 bytes JMP 00000000779303c0 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777d05d0 5 bytes JMP 0000000077930300 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777d05e0 5 bytes JMP 0000000077930360 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777d0640 5 bytes JMP 00000000779302a0 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777d0690 5 bytes JMP 00000000779302c0 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777d06d0 5 bytes JMP 0000000077930340 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777d0bc0 5 bytes JMP 0000000077930260 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777d0bd0 5 bytes JMP 0000000077930270 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777d0da0 5 bytes JMP 00000000779301f0 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777d0db0 5 bytes JMP 0000000077930210 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777d0e20 5 bytes JMP 0000000077930200 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777d0ea0 5 bytes JMP 0000000077930220 .text C:\Windows\system32\taskeng.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777d0f80 5 bytes JMP 0000000077930280 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777a2c90 5 bytes JMP 00000001001800ac .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777b4420 5 bytes JMP 000000010018004c .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777cf760 5 bytes JMP 0000000077930380 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777cf7b0 5 bytes JMP 0000000077930370 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777cf830 5 bytes JMP 000000010018010c .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777cf890 5 bytes JMP 000000010018016c .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777cf960 5 bytes JMP 0000000077930390 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777cfa20 5 bytes JMP 0000000077930320 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777cfab0 5 bytes JMP 00000000779302e0 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777cfb30 5 bytes JMP 00000000779302d0 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777cfb50 5 bytes JMP 0000000077930310 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777cfbb0 5 bytes JMP 00000001001801cc .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777cfd40 5 bytes JMP 0000000077930230 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777cff00 5 bytes JMP 00000000779303a0 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777d0010 5 bytes JMP 00000000779302f0 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777d0020 5 bytes JMP 0000000077930350 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777d0080 5 bytes JMP 0000000077930290 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777d0110 5 bytes JMP 00000000779302b0 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777d0140 5 bytes JMP 0000000077930330 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777d01e0 5 bytes JMP 0000000077930240 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777d04a0 5 bytes JMP 00000000779301e0 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777d0560 5 bytes JMP 0000000077930250 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777d0590 5 bytes JMP 00000000779303b0 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777d05a0 5 bytes JMP 00000000779303c0 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777d05d0 5 bytes JMP 0000000077930300 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777d05e0 5 bytes JMP 0000000077930360 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777d0640 5 bytes JMP 00000000779302a0 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777d0690 5 bytes JMP 00000000779302c0 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777d06d0 5 bytes JMP 0000000077930340 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777d0bc0 5 bytes JMP 0000000077930260 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777d0bd0 5 bytes JMP 0000000077930270 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777d0da0 5 bytes JMP 00000000779301f0 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777d0db0 5 bytes JMP 0000000077930210 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777d0e20 5 bytes JMP 0000000077930200 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777d0ea0 5 bytes JMP 0000000077930220 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777d0f80 5 bytes JMP 0000000077930280 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff876e00 5 bytes JMP 000007ff7f8902ec .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff876f2c 5 bytes JMP 000007ff7f89016c .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff877220 5 bytes JMP 000007ff7f8901cc .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff87739c 1 byte JMP 000007ff7f89022c .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A + 2 000007feff87739e 3 bytes {JMP 0xffffffff80018e90} .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff877538 5 bytes JMP 000007ff7f89028c .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff8775e8 5 bytes JMP 000007ff7f89004c .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff87790c 5 bytes JMP 000007ff7f8900ac .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff877ab4 5 bytes JMP 000007ff7f89010c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777a2c90 4 bytes JMP 000000007fff00ac .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777b4420 5 bytes JMP 000000007fff004c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777cf760 5 bytes JMP 0000000077930380 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777cf7b0 5 bytes JMP 0000000077930370 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777cf830 5 bytes JMP 000000007fff010c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777cf890 5 bytes JMP 000000007fff016c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777cf960 5 bytes JMP 0000000077930390 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777cfa20 5 bytes JMP 0000000077930320 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777cfab0 5 bytes JMP 00000000779302e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777cfb30 5 bytes JMP 00000000779302d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777cfb50 5 bytes JMP 0000000077930310 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777cfbb0 5 bytes JMP 000000007fff01cc .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777cfd40 5 bytes JMP 0000000077930230 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777cff00 5 bytes JMP 00000000779303a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777d0010 5 bytes JMP 00000000779302f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777d0020 5 bytes JMP 0000000077930350 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777d0080 5 bytes JMP 0000000077930290 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777d0110 5 bytes JMP 00000000779302b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777d0140 5 bytes JMP 0000000077930330 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777d01e0 5 bytes JMP 0000000077930240 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777d04a0 5 bytes JMP 00000000779301e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777d0560 5 bytes JMP 0000000077930250 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777d0590 5 bytes JMP 00000000779303b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777d05a0 5 bytes JMP 00000000779303c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777d05d0 5 bytes JMP 0000000077930300 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777d05e0 5 bytes JMP 0000000077930360 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777d0640 5 bytes JMP 00000000779302a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777d0690 5 bytes JMP 00000000779302c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777d06d0 5 bytes JMP 0000000077930340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777d0bc0 5 bytes JMP 0000000077930260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777d0bd0 5 bytes JMP 0000000077930270 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777d0da0 5 bytes JMP 00000000779301f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777d0db0 5 bytes JMP 0000000077930210 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777d0e20 5 bytes JMP 0000000077930200 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777d0ea0 5 bytes JMP 0000000077930220 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777d0f80 5 bytes JMP 0000000077930280 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777a2c90 5 bytes JMP 00000001003700ac .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777b4420 5 bytes JMP 000000010037004c .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777cf760 5 bytes JMP 0000000077930380 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777cf7b0 5 bytes JMP 0000000077930370 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777cf830 5 bytes JMP 000000010037010c .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777cf890 5 bytes JMP 000000010037016c .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777cf960 5 bytes JMP 0000000077930390 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777cfa20 5 bytes JMP 0000000077930320 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777cfab0 5 bytes JMP 00000000779302e0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777cfb30 5 bytes JMP 00000000779302d0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777cfb50 5 bytes JMP 0000000077930310 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777cfbb0 5 bytes JMP 00000001003701cc .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777cfd40 5 bytes JMP 0000000077930230 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777cff00 5 bytes JMP 00000000779303a0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777d0010 5 bytes JMP 00000000779302f0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777d0020 5 bytes JMP 0000000077930350 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777d0080 5 bytes JMP 0000000077930290 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777d0110 5 bytes JMP 00000000779302b0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777d0140 5 bytes JMP 0000000077930330 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777d01e0 5 bytes JMP 0000000077930240 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777d04a0 5 bytes JMP 00000000779301e0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777d0560 5 bytes JMP 0000000077930250 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777d0590 5 bytes JMP 00000000779303b0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777d05a0 5 bytes JMP 00000000779303c0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777d05d0 5 bytes JMP 0000000077930300 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777d05e0 5 bytes JMP 0000000077930360 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777d0640 5 bytes JMP 00000000779302a0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777d0690 5 bytes JMP 00000000779302c0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777d06d0 5 bytes JMP 0000000077930340 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777d0bc0 5 bytes JMP 0000000077930260 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777d0bd0 5 bytes JMP 0000000077930270 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777d0da0 5 bytes JMP 00000000779301f0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777d0db0 5 bytes JMP 0000000077930210 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777d0e20 5 bytes JMP 0000000077930200 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777d0ea0 5 bytes JMP 0000000077930220 .text C:\Windows\SysWOW64\ACEngSvr.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777d0f80 5 bytes JMP 0000000077930280 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777a2c90 5 bytes JMP 00000001000e00ac .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777b4420 5 bytes JMP 00000001000e004c .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777cf760 5 bytes JMP 0000000077930380 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777cf7b0 5 bytes JMP 0000000077930370 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777cf830 5 bytes JMP 00000001000e010c .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777cf890 5 bytes JMP 00000001000e016c .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777cf960 5 bytes JMP 0000000077930390 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777cfa20 5 bytes JMP 0000000077930320 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777cfab0 5 bytes JMP 00000000779302e0 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777cfb30 5 bytes JMP 00000000779302d0 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777cfb50 5 bytes JMP 0000000077930310 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777cfbb0 5 bytes JMP 00000001000e01cc .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777cfd40 5 bytes JMP 0000000077930230 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777cff00 5 bytes JMP 00000000779303a0 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777d0010 5 bytes JMP 00000000779302f0 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777d0020 5 bytes JMP 0000000077930350 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777d0080 5 bytes JMP 0000000077930290 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777d0110 5 bytes JMP 00000000779302b0 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777d0140 5 bytes JMP 0000000077930330 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777d01e0 5 bytes JMP 0000000077930240 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777d04a0 5 bytes JMP 00000000779301e0 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777d0560 5 bytes JMP 0000000077930250 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777d0590 5 bytes JMP 00000000779303b0 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777d05a0 5 bytes JMP 00000000779303c0 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777d05d0 5 bytes JMP 0000000077930300 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777d05e0 5 bytes JMP 0000000077930360 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777d0640 5 bytes JMP 00000000779302a0 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777d0690 5 bytes JMP 00000000779302c0 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777d06d0 5 bytes JMP 0000000077930340 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777d0bc0 5 bytes JMP 0000000077930260 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777d0bd0 5 bytes JMP 0000000077930270 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777d0da0 5 bytes JMP 00000000779301f0 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777d0db0 5 bytes JMP 0000000077930210 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777d0e20 5 bytes JMP 0000000077930200 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777d0ea0 5 bytes JMP 0000000077930220 .text C:\Windows\system32\SearchIndexer.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777d0f80 5 bytes JMP 0000000077930280 .text C:\Users\MATOS\AppData\Local\Akamai\netsession_win.exe[4656] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007797fa50 5 bytes JMP 00000001001b00a8 .text C:\Users\MATOS\AppData\Local\Akamai\netsession_win.exe[4656] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007797fae8 5 bytes JMP 00000001001b00e4 .text C:\Users\MATOS\AppData\Local\Akamai\netsession_win.exe[4656] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007797ffc8 5 bytes JMP 00000001001b0120 .text C:\Users\MATOS\AppData\Local\Akamai\netsession_win.exe[4656] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007799c4aa 5 bytes JMP 00000001001b0030 .text C:\Users\MATOS\AppData\Local\Akamai\netsession_win.exe[4656] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779a1247 5 bytes JMP 00000001001b006c .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777a2c90 5 bytes JMP 00000001009400ac .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777b4420 5 bytes JMP 000000010094004c .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777cf760 5 bytes JMP 0000000077930380 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777cf7b0 5 bytes JMP 0000000077930370 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777cf830 5 bytes JMP 000000010094010c .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777cf890 5 bytes JMP 000000010094016c .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777cf960 5 bytes JMP 0000000077930390 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777cfa20 5 bytes JMP 0000000077930320 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777cfab0 5 bytes JMP 00000000779302e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777cfb30 5 bytes JMP 00000000779302d0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777cfb50 5 bytes JMP 0000000077930310 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777cfbb0 5 bytes JMP 00000001009401cc .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777cfd40 5 bytes JMP 0000000077930230 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777cff00 5 bytes JMP 00000000779303a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777d0010 5 bytes JMP 00000000779302f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777d0020 5 bytes JMP 0000000077930350 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777d0080 5 bytes JMP 0000000077930290 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777d0110 5 bytes JMP 00000000779302b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777d0140 5 bytes JMP 0000000077930330 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777d01e0 5 bytes JMP 0000000077930240 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777d04a0 5 bytes JMP 00000000779301e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777d0560 5 bytes JMP 0000000077930250 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777d0590 5 bytes JMP 00000000779303b0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777d05a0 5 bytes JMP 00000000779303c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777d05d0 5 bytes JMP 0000000077930300 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777d05e0 5 bytes JMP 0000000077930360 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777d0640 5 bytes JMP 00000000779302a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777d0690 5 bytes JMP 00000000779302c0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777d06d0 5 bytes JMP 0000000077930340 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777d0bc0 5 bytes JMP 0000000077930260 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777d0bd0 5 bytes JMP 0000000077930270 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777d0da0 5 bytes JMP 00000000779301f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777d0db0 5 bytes JMP 0000000077930210 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777d0e20 5 bytes JMP 0000000077930200 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777d0ea0 5 bytes JMP 0000000077930220 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4684] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777d0f80 5 bytes JMP 0000000077930280 .text C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076251465 2 bytes [25, 76] .text C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762514bb 2 bytes [25, 76] .text ... * 2 .text C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007797fa50 5 bytes JMP 00000001001c00a8 .text C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007797fae8 5 bytes JMP 00000001001c00e4 .text C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe[4780] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007797ffc8 5 bytes JMP 00000001001c0120 .text C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe[4780] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007799c4aa 5 bytes JMP 00000001001c0030 .text C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe[4780] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779a1247 5 bytes JMP 00000001001c006c .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4800] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075f72a62 5 bytes JMP 0000000174f044c0 .text D:\Program Files (x86)\iTunes\iTunesHelper.exe[5024] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007797fa50 5 bytes JMP 00000001000800a8 .text D:\Program Files (x86)\iTunes\iTunesHelper.exe[5024] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007797fae8 5 bytes JMP 00000001000800e4 .text D:\Program Files (x86)\iTunes\iTunesHelper.exe[5024] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007797ffc8 5 bytes JMP 0000000100080120 .text D:\Program Files (x86)\iTunes\iTunesHelper.exe[5024] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007799c4aa 5 bytes JMP 0000000100080030 .text D:\Program Files (x86)\iTunes\iTunesHelper.exe[5024] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779a1247 5 bytes JMP 000000010008006c .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777a2c90 5 bytes JMP 00000001004400ac .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777b4420 5 bytes JMP 000000010044004c .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777cf760 5 bytes JMP 0000000077930380 .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777cf7b0 5 bytes JMP 0000000077930370 .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777cf830 5 bytes JMP 000000010044010c .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777cf890 5 bytes JMP 000000010044016c .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777cf960 5 bytes JMP 0000000077930390 .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777cfa20 5 bytes JMP 0000000077930320 .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777cfab0 5 bytes JMP 00000000779302e0 .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777cfb30 5 bytes JMP 00000000779302d0 .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777cfb50 5 bytes JMP 0000000077930310 .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777cfbb0 5 bytes JMP 00000001004401cc .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777cfd40 5 bytes JMP 0000000077930230 .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777cff00 5 bytes JMP 00000000779303a0 .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777d0010 5 bytes JMP 00000000779302f0 .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777d0020 5 bytes JMP 0000000077930350 .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777d0080 5 bytes JMP 0000000077930290 .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777d0110 5 bytes JMP 00000000779302b0 .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777d0140 5 bytes JMP 0000000077930330 .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777d01e0 5 bytes JMP 0000000077930240 .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777d04a0 5 bytes JMP 00000000779301e0 .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777d0560 5 bytes JMP 0000000077930250 .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777d0590 5 bytes JMP 00000000779303b0 .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777d05a0 5 bytes JMP 00000000779303c0 .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777d05d0 5 bytes JMP 0000000077930300 .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777d05e0 5 bytes JMP 0000000077930360 .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777d0640 5 bytes JMP 00000000779302a0 .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777d0690 5 bytes JMP 00000000779302c0 .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777d06d0 5 bytes JMP 0000000077930340 .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777d0bc0 5 bytes JMP 0000000077930260 .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777d0bd0 5 bytes JMP 0000000077930270 .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777d0da0 5 bytes JMP 00000000779301f0 .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777d0db0 5 bytes JMP 0000000077930210 .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777d0e20 5 bytes JMP 0000000077930200 .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777d0ea0 5 bytes JMP 0000000077930220 .text C:\Windows\System32\svchost.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777d0f80 5 bytes JMP 0000000077930280 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777a2c90 5 bytes JMP 00000001002a00ac .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777b4420 5 bytes JMP 00000001002a004c .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777cf760 5 bytes JMP 0000000077930380 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777cf7b0 5 bytes JMP 0000000077930370 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777cf830 5 bytes JMP 00000001002a010c .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777cf890 5 bytes JMP 00000001002a016c .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777cf960 5 bytes JMP 0000000077930390 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777cfa20 5 bytes JMP 0000000077930320 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777cfab0 5 bytes JMP 00000000779302e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777cfb30 5 bytes JMP 00000000779302d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777cfb50 5 bytes JMP 0000000077930310 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777cfbb0 5 bytes JMP 00000001002a01cc .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777cfd40 5 bytes JMP 0000000077930230 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777cff00 5 bytes JMP 00000000779303a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777d0010 5 bytes JMP 00000000779302f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777d0020 5 bytes JMP 0000000077930350 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777d0080 5 bytes JMP 0000000077930290 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777d0110 5 bytes JMP 00000000779302b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777d0140 5 bytes JMP 0000000077930330 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777d01e0 5 bytes JMP 0000000077930240 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777d04a0 5 bytes JMP 00000000779301e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777d0560 5 bytes JMP 0000000077930250 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777d0590 5 bytes JMP 00000000779303b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777d05a0 5 bytes JMP 00000000779303c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777d05d0 5 bytes JMP 0000000077930300 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777d05e0 5 bytes JMP 0000000077930360 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777d0640 5 bytes JMP 00000000779302a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777d0690 5 bytes JMP 00000000779302c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777d06d0 5 bytes JMP 0000000077930340 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777d0bc0 5 bytes JMP 0000000077930260 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777d0bd0 5 bytes JMP 0000000077930270 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777d0da0 5 bytes JMP 00000000779301f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777d0db0 5 bytes JMP 0000000077930210 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777d0e20 5 bytes JMP 0000000077930200 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777d0ea0 5 bytes JMP 0000000077930220 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5852] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777d0f80 5 bytes JMP 0000000077930280 .text C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe[6336] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007797fa50 5 bytes JMP 00000001001c00a8 .text C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe[6336] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007797fae8 5 bytes JMP 00000001001c00e4 .text C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe[6336] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007797ffc8 5 bytes JMP 00000001001c0120 .text C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe[6336] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007799c4aa 5 bytes JMP 00000001001c0030 .text C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe[6336] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779a1247 5 bytes JMP 00000001001c006c .text C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe[6336] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075f5f0e6 5 bytes JMP 00000001001d0030 .text C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe[6336] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075f63907 5 bytes JMP 00000001001d006c .text C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe[6336] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075f68364 5 bytes JMP 00000001001d00a8 .text C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe[6336] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075f706b3 5 bytes JMP 00000001001d00e4 .text C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe[6336] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075f72a62 5 bytes JMP 0000000174f044c0 .text C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe[6336] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075f80efc 5 bytes JMP 00000001001d0120 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777a2c90 5 bytes JMP 00000001004400ac .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777b4420 5 bytes JMP 000000010044004c .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777cf760 5 bytes JMP 0000000077930380 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777cf7b0 5 bytes JMP 0000000077930370 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777cf830 5 bytes JMP 000000010044010c .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777cf890 5 bytes JMP 000000010044016c .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777cf960 5 bytes JMP 0000000077930390 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777cfa20 5 bytes JMP 0000000077930320 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777cfab0 5 bytes JMP 00000000779302e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777cfb30 5 bytes JMP 00000000779302d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777cfb50 5 bytes JMP 0000000077930310 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777cfbb0 5 bytes JMP 00000001004401cc .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777cfd40 5 bytes JMP 0000000077930230 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777cff00 5 bytes JMP 00000000779303a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777d0010 5 bytes JMP 00000000779302f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777d0020 5 bytes JMP 0000000077930350 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777d0080 5 bytes JMP 0000000077930290 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777d0110 5 bytes JMP 00000000779302b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777d0140 5 bytes JMP 0000000077930330 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777d01e0 5 bytes JMP 0000000077930240 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777d04a0 5 bytes JMP 00000000779301e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777d0560 5 bytes JMP 0000000077930250 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777d0590 5 bytes JMP 00000000779303b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777d05a0 5 bytes JMP 00000000779303c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777d05d0 5 bytes JMP 0000000077930300 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777d05e0 5 bytes JMP 0000000077930360 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777d0640 5 bytes JMP 00000000779302a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777d0690 5 bytes JMP 00000000779302c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777d06d0 5 bytes JMP 0000000077930340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777d0bc0 5 bytes JMP 0000000077930260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777d0bd0 5 bytes JMP 0000000077930270 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777d0da0 5 bytes JMP 00000000779301f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777d0db0 5 bytes JMP 0000000077930210 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777d0e20 5 bytes JMP 0000000077930200 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777d0ea0 5 bytes JMP 0000000077930220 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6468] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777d0f80 5 bytes JMP 0000000077930280 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007797fa50 5 bytes JMP 00000001001c00a8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007797fae8 5 bytes JMP 00000001001c00e4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007797ffc8 5 bytes JMP 00000001001c0120 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6500] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007799c4aa 5 bytes JMP 00000001001c0030 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6500] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779a1247 5 bytes JMP 00000001001c006c .text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[11148] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007797fa50 5 bytes JMP 00000001000800a8 .text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[11148] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007797fae8 5 bytes JMP 00000001000800e4 .text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[11148] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007797ffc8 5 bytes JMP 0000000100080120 .text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[11148] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007799c4aa 5 bytes JMP 0000000100080030 .text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[11148] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779a1247 5 bytes JMP 000000010008006c .text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[11148] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000757c5181 5 bytes JMP 00000001000901d4 .text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[11148] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000757c5254 5 bytes JMP 00000001000900e4 .text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[11148] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000757c53d5 5 bytes JMP 0000000100090120 .text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[11148] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000757c54c2 5 bytes JMP 000000010009015c .text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[11148] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000757c55e2 5 bytes JMP 0000000100090198 .text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[11148] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000757c567c 5 bytes JMP 0000000100090030 .text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[11148] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000757c589f 5 bytes JMP 000000010009006c .text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[11148] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000757c5a22 5 bytes JMP 00000001000900a8 .text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[11148] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075f5f0e6 5 bytes JMP 00000001000a0030 .text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[11148] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075f63907 5 bytes JMP 00000001000a006c .text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[11148] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075f68364 5 bytes JMP 00000001000a00a8 .text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[11148] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075f706b3 5 bytes JMP 00000001000a00e4 .text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[11148] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075f72a62 5 bytes JMP 0000000174f044c0 .text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[11148] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075f80efc 5 bytes JMP 00000001000a0120 .text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[11148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076251465 2 bytes [25, 76] .text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[11148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762514bb 2 bytes [25, 76] .text ... * 2 .text C:\Users\MATOS\Downloads\kkf47tyn.exe[8992] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007797fa50 5 bytes JMP 00000001001c00a8 .text C:\Users\MATOS\Downloads\kkf47tyn.exe[8992] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007797fae8 5 bytes JMP 00000001001c00e4 .text C:\Users\MATOS\Downloads\kkf47tyn.exe[8992] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007797ffc8 5 bytes JMP 00000001001c0120 .text C:\Users\MATOS\Downloads\kkf47tyn.exe[8992] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007799c4aa 5 bytes JMP 00000001001c0030 .text C:\Users\MATOS\Downloads\kkf47tyn.exe[8992] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779a1247 5 bytes JMP 00000001001c006c .text C:\Users\MATOS\Downloads\kkf47tyn.exe[8992] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075f5f0e6 5 bytes JMP 00000001003e0030 .text C:\Users\MATOS\Downloads\kkf47tyn.exe[8992] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075f63907 5 bytes JMP 00000001003e006c .text C:\Users\MATOS\Downloads\kkf47tyn.exe[8992] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075f68364 5 bytes JMP 00000001003e00a8 .text C:\Users\MATOS\Downloads\kkf47tyn.exe[8992] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075f706b3 5 bytes JMP 00000001003e00e4 .text C:\Users\MATOS\Downloads\kkf47tyn.exe[8992] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075f80efc 5 bytes JMP 00000001003e0120 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff8800107bed8] \SystemRoot\System32\Drivers\sptd.sys [unknown section] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff8800107bc7c] \SystemRoot\System32\Drivers\sptd.sys [unknown section] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800107c658] \SystemRoot\System32\Drivers\sptd.sys [unknown section] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff8800107ca54] \SystemRoot\System32\Drivers\sptd.sys [unknown section] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800107c8b0] \SystemRoot\System32\Drivers\sptd.sys [unknown section] ---- Devices - GMER 2.1 ---- Device \Driver\VClone \Device\Scsi\VClone1 fffffa8006a262c0 Device \Driver\VClone \Device\Scsi\VClone1Port1Path0Target0Lun0 fffffa8006a262c0 Device \FileSystem\Ntfs \Ntfs fffffa8003e6e2c0 Device \FileSystem\fastfat \Fat fffffa80090b62c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa8004a922c0 Device \Driver\cdrom \Device\CdRom0 fffffa80047752c0 Device \Driver\cdrom \Device\CdRom1 fffffa80047752c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{1C167BF2-C23A-4B99-869A-3C13CCE81F8C} fffffa80048d22c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{2A5D3F54-F991-49B7-8E0F-C76A1C607010} fffffa80048d22c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa8004a922c0 Device \Driver\USBSTOR \Device\0000009c fffffa800933c2c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa8004a922c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80048d22c0 Device \Driver\USBSTOR \Device\0000009d fffffa800933c2c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa8004a922c0 Device \Driver\VClone \Device\ScsiPort1 fffffa8006a262c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\sptd.sys (FILE NOT FOUND) fffff88001051000-fffff880011b8000 (1470464 bytes) ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ?????v???????????????????????????????????????????.?/???T?.?U?U?9?9?@?U??os??t????????????S??????????????????usb\class_08&subclass_06&prot_50????????@cpu.inf,%intelppm.devicedesc%;Intel Processor??&???@usbstor.inf,%generic.mfg%;Compatible USB storage device?7??@usbstor.inf,%generic.mfg%;Compatible USB storage device?????????????????????????????????????????????????????????i??@oem18.inf,%mfgname%;Broadcom???@oem8.inf,%mfgname%;NVIDIA????????????????????????N??????4??????????usb\vid_05ac&pid_1281??????????????????????????????????????????????????s?????????????o??ex?????????????????????l??????`??????????????/?/?T?T?A?T?U?U?T?U?U?Uos??t????????????.??????????9.5.0.1005??????????????????????????????????????????????????????????? 2??????1???????????????????????????????????????????????????????????????????????????????????????9??????????@cpu.inf,%intelppm.devicedesc%;Intel Processor???????/?f?e?p?u?ypv?y???.?y?x?y???0?U?U?U?.?U?U?Z?0?e?_?`?d???????????_???d????????????L??????8??????????en???y??????????????????Ricoh PCIe Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3ae7e88 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x35 0x56 0xA0 0xA3 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC4 0xD5 0xBF 0xB8 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3ae7e88 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x35 0x56 0xA0 0xA3 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC4 0xD5 0xBF 0xB8 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x24 0xA8 0x9C 0xCE ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9E 0xEB 0x53 0xF2 ... ---- EOF - GMER 2.1 ----