GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-10-11 14:28:31 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000063 SAMSUNG_ rev.1AC0 232,88GB Running: gmer.exe; Driver: C:\Users\Karol\AppData\Local\Temp\kxlcyaod.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077051360 5 bytes JMP 00000000771b0460 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770513b0 5 bytes JMP 00000000771b0450 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077051510 5 bytes JMP 00000000771b0370 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077051560 5 bytes JMP 00000000771b0470 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077051570 5 bytes JMP 00000000771b03e0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077051620 5 bytes JMP 00000000771b0320 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077051650 5 bytes JMP 00000000771b03b0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077051670 5 bytes JMP 00000000771b0390 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770516b0 5 bytes JMP 00000000771b02e0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077051730 5 bytes JMP 00000000771b02d0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077051750 5 bytes JMP 00000000771b0310 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077051790 5 bytes JMP 00000000771b03c0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770517e0 5 bytes JMP 00000000771b03f0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077051940 5 bytes JMP 00000000771b0230 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077051b00 5 bytes JMP 00000000771b0480 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077051b30 5 bytes JMP 00000000771b03a0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077051c10 5 bytes JMP 00000000771b02f0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077051c20 5 bytes JMP 00000000771b0350 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077051c80 5 bytes JMP 00000000771b0290 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077051d10 5 bytes JMP 00000000771b02b0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077051d30 5 bytes JMP 00000000771b03d0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077051d40 5 bytes JMP 00000000771b0330 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077051db0 5 bytes JMP 00000000771b0410 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077051de0 5 bytes JMP 00000000771b0240 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770520a0 5 bytes JMP 00000000771b01e0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077052160 5 bytes JMP 00000000771b0250 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077052190 5 bytes JMP 00000000771b0490 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770521a0 5 bytes JMP 00000000771b04a0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770521d0 5 bytes JMP 00000000771b0300 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770521e0 5 bytes JMP 00000000771b0360 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077052240 5 bytes JMP 00000000771b02a0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077052290 5 bytes JMP 00000000771b02c0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770522c0 5 bytes JMP 00000000771b0380 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770522d0 5 bytes JMP 00000000771b0340 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770525c0 5 bytes JMP 00000000771b0440 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770527c0 5 bytes JMP 00000000771b0260 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770527d0 5 bytes JMP 00000000771b0270 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770527e0 5 bytes JMP 00000000771b0400 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770529a0 5 bytes JMP 00000000771b01f0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770529b0 5 bytes JMP 00000000771b0210 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077052a20 5 bytes JMP 00000000771b0200 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077052a80 5 bytes JMP 00000000771b0420 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077052a90 5 bytes JMP 00000000771b0430 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077052aa0 5 bytes JMP 00000000771b0220 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077052b80 5 bytes JMP 00000000771b0280 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077051360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770513b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077051510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077051560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077051570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077051620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077051650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077051670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770516b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077051730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077051750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077051790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770517e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077051940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077051b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077051b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077051c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077051c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077051c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077051d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077051d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077051d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077051db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077051de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770520a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077052160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077052190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770521a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770521d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770521e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077052240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077052290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770522c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770522d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770525c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770527c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770527d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770527e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770529a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770529b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077052a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077052a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077052a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077052aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077052b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[516] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f3ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077051360 5 bytes JMP 00000000771b0460 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770513b0 5 bytes JMP 00000000771b0450 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077051510 5 bytes JMP 00000000771b0370 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077051560 5 bytes JMP 00000000771b0470 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077051570 5 bytes JMP 00000000771b03e0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077051620 5 bytes JMP 00000000771b0320 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077051650 5 bytes JMP 00000000771b03b0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077051670 5 bytes JMP 00000000771b0390 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770516b0 5 bytes JMP 00000000771b02e0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077051730 5 bytes JMP 00000000771b02d0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077051750 5 bytes JMP 00000000771b0310 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077051790 5 bytes JMP 00000000771b03c0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770517e0 5 bytes JMP 00000000771b03f0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077051940 5 bytes JMP 00000000771b0230 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077051b00 5 bytes JMP 00000000771b0480 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077051b30 5 bytes JMP 00000000771b03a0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077051c10 5 bytes JMP 00000000771b02f0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077051c20 5 bytes JMP 00000000771b0350 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077051c80 5 bytes JMP 00000000771b0290 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077051d10 5 bytes JMP 00000000771b02b0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077051d30 5 bytes JMP 00000000771b03d0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077051d40 5 bytes JMP 00000000771b0330 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077051db0 5 bytes JMP 00000000771b0410 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077051de0 5 bytes JMP 00000000771b0240 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770520a0 5 bytes JMP 00000000771b01e0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077052160 5 bytes JMP 00000000771b0250 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077052190 5 bytes JMP 00000000771b0490 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770521a0 5 bytes JMP 00000000771b04a0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770521d0 5 bytes JMP 00000000771b0300 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770521e0 5 bytes JMP 00000000771b0360 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077052240 5 bytes JMP 00000000771b02a0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077052290 5 bytes JMP 00000000771b02c0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770522c0 5 bytes JMP 00000000771b0380 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770522d0 5 bytes JMP 00000000771b0340 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770525c0 5 bytes JMP 00000000771b0440 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770527c0 5 bytes JMP 00000000771b0260 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770527d0 5 bytes JMP 00000000771b0270 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770527e0 5 bytes JMP 00000000771b0400 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770529a0 5 bytes JMP 00000000771b01f0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770529b0 5 bytes JMP 00000000771b0210 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077052a20 5 bytes JMP 00000000771b0200 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077052a80 5 bytes JMP 00000000771b0420 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077052a90 5 bytes JMP 00000000771b0430 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077052aa0 5 bytes JMP 00000000771b0220 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077052b80 5 bytes JMP 00000000771b0280 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077051360 5 bytes JMP 00000000771b0460 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770513b0 5 bytes JMP 00000000771b0450 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077051510 5 bytes JMP 00000000771b0370 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077051560 5 bytes JMP 00000000771b0470 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077051570 5 bytes JMP 00000000771b03e0 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077051620 5 bytes JMP 00000000771b0320 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077051650 5 bytes JMP 00000000771b03b0 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077051670 5 bytes JMP 00000000771b0390 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770516b0 5 bytes JMP 00000000771b02e0 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077051730 5 bytes JMP 00000000771b02d0 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077051750 5 bytes JMP 00000000771b0310 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077051790 5 bytes JMP 00000000771b03c0 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770517e0 5 bytes JMP 00000000771b03f0 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077051940 5 bytes JMP 00000000771b0230 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077051b00 5 bytes JMP 00000000771b0480 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077051b30 5 bytes JMP 00000000771b03a0 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077051c10 5 bytes JMP 00000000771b02f0 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077051c20 5 bytes JMP 00000000771b0350 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077051c80 5 bytes JMP 00000000771b0290 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077051d10 5 bytes JMP 00000000771b02b0 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077051d30 5 bytes JMP 00000000771b03d0 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077051d40 5 bytes JMP 00000000771b0330 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077051db0 5 bytes JMP 00000000771b0410 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077051de0 5 bytes JMP 00000000771b0240 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770520a0 5 bytes JMP 00000000771b01e0 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077052160 5 bytes JMP 00000000771b0250 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077052190 5 bytes JMP 00000000771b0490 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770521a0 5 bytes JMP 00000000771b04a0 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770521d0 5 bytes JMP 00000000771b0300 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770521e0 5 bytes JMP 00000000771b0360 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077052240 5 bytes JMP 00000000771b02a0 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077052290 5 bytes JMP 00000000771b02c0 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770522c0 5 bytes JMP 00000000771b0380 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770522d0 5 bytes JMP 00000000771b0340 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770525c0 5 bytes JMP 00000000771b0440 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770527c0 5 bytes JMP 00000000771b0260 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770527d0 5 bytes JMP 00000000771b0270 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770527e0 5 bytes JMP 00000000771b0400 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770529a0 5 bytes JMP 00000000771b01f0 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770529b0 5 bytes JMP 00000000771b0210 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077052a20 5 bytes JMP 00000000771b0200 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077052a80 5 bytes JMP 00000000771b0420 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077052a90 5 bytes JMP 00000000771b0430 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077052aa0 5 bytes JMP 00000000771b0220 .text C:\Windows\system32\svchost.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077052b80 5 bytes JMP 00000000771b0280 .text C:\Windows\system32\svchost.exe[772] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f3ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077051360 5 bytes JMP 00000000771b0460 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770513b0 5 bytes JMP 00000000771b0450 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077051510 5 bytes JMP 00000000771b0370 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077051560 5 bytes JMP 00000000771b0470 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077051570 5 bytes JMP 00000000771b03e0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077051620 5 bytes JMP 00000000771b0320 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077051650 5 bytes JMP 00000000771b03b0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077051670 5 bytes JMP 00000000771b0390 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770516b0 5 bytes JMP 00000000771b02e0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077051730 5 bytes JMP 00000000771b02d0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077051750 5 bytes JMP 00000000771b0310 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077051790 5 bytes JMP 00000000771b03c0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770517e0 5 bytes JMP 00000000771b03f0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077051940 5 bytes JMP 00000000771b0230 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077051b00 5 bytes JMP 00000000771b0480 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077051b30 5 bytes JMP 00000000771b03a0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077051c10 5 bytes JMP 00000000771b02f0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077051c20 5 bytes JMP 00000000771b0350 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077051c80 5 bytes JMP 00000000771b0290 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077051d10 5 bytes JMP 00000000771b02b0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077051d30 5 bytes JMP 00000000771b03d0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077051d40 5 bytes JMP 00000000771b0330 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077051db0 5 bytes JMP 00000000771b0410 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077051de0 5 bytes JMP 00000000771b0240 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770520a0 5 bytes JMP 00000000771b01e0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077052160 5 bytes JMP 00000000771b0250 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077052190 5 bytes JMP 00000000771b0490 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770521a0 5 bytes JMP 00000000771b04a0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770521d0 5 bytes JMP 00000000771b0300 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770521e0 5 bytes JMP 00000000771b0360 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077052240 5 bytes JMP 00000000771b02a0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077052290 5 bytes JMP 00000000771b02c0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770522c0 5 bytes JMP 00000000771b0380 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770522d0 5 bytes JMP 00000000771b0340 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770525c0 5 bytes JMP 00000000771b0440 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770527c0 5 bytes JMP 00000000771b0260 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770527d0 5 bytes JMP 00000000771b0270 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770527e0 5 bytes JMP 00000000771b0400 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770529a0 5 bytes JMP 00000000771b01f0 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770529b0 5 bytes JMP 00000000771b0210 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077052a20 5 bytes JMP 00000000771b0200 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077052a80 5 bytes JMP 00000000771b0420 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077052a90 5 bytes JMP 00000000771b0430 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077052aa0 5 bytes JMP 00000000771b0220 .text C:\Windows\system32\svchost.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077052b80 5 bytes JMP 00000000771b0280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077051360 5 bytes JMP 0000000100070460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770513b0 5 bytes JMP 0000000100070450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077051510 5 bytes JMP 0000000100070370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077051560 5 bytes JMP 0000000100070470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077051570 5 bytes JMP 00000001000703e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077051620 5 bytes JMP 0000000100070320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077051650 5 bytes JMP 00000001000703b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077051670 5 bytes JMP 0000000100070390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770516b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077051730 5 bytes JMP 00000001000702d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077051750 5 bytes JMP 0000000100070310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077051790 5 bytes JMP 00000001000703c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770517e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077051940 5 bytes JMP 0000000100070230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077051b00 5 bytes JMP 0000000100070480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077051b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077051c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077051c20 5 bytes JMP 0000000100070350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077051c80 5 bytes JMP 0000000100070290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077051d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077051d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077051d40 5 bytes JMP 0000000100070330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077051db0 5 bytes JMP 0000000100070410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077051de0 5 bytes JMP 0000000100070240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770520a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077052160 5 bytes JMP 0000000100070250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077052190 5 bytes JMP 0000000100070490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770521a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770521d0 5 bytes JMP 0000000100070300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770521e0 5 bytes JMP 0000000100070360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077052240 5 bytes JMP 00000001000702a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077052290 5 bytes JMP 00000001000702c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770522c0 5 bytes JMP 0000000100070380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770522d0 5 bytes JMP 0000000100070340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770525c0 5 bytes JMP 0000000100070440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770527c0 5 bytes JMP 0000000100070260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770527d0 5 bytes JMP 0000000100070270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770527e0 5 bytes JMP 0000000100070400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770529a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770529b0 5 bytes JMP 0000000100070210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077052a20 5 bytes JMP 0000000100070200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077052a80 5 bytes JMP 0000000100070420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077052a90 5 bytes JMP 0000000100070430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077052aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077052b80 5 bytes JMP 0000000100070280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f3ef8d 1 byte [62] .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f3ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077051360 5 bytes JMP 00000000771b0460 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770513b0 5 bytes JMP 00000000771b0450 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077051510 5 bytes JMP 00000000771b0370 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077051560 5 bytes JMP 00000000771b0470 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077051570 5 bytes JMP 00000000771b03e0 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077051620 5 bytes JMP 00000000771b0320 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077051650 5 bytes JMP 00000000771b03b0 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077051670 5 bytes JMP 00000000771b0390 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770516b0 5 bytes JMP 00000000771b02e0 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077051730 5 bytes JMP 00000000771b02d0 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077051750 5 bytes JMP 00000000771b0310 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077051790 5 bytes JMP 00000000771b03c0 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770517e0 5 bytes JMP 00000000771b03f0 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077051940 5 bytes JMP 00000000771b0230 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077051b00 5 bytes JMP 00000000771b0480 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077051b30 5 bytes JMP 00000000771b03a0 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077051c10 5 bytes JMP 00000000771b02f0 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077051c20 5 bytes JMP 00000000771b0350 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077051c80 5 bytes JMP 00000000771b0290 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077051d10 5 bytes JMP 00000000771b02b0 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077051d30 5 bytes JMP 00000000771b03d0 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077051d40 5 bytes JMP 00000000771b0330 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077051db0 5 bytes JMP 00000000771b0410 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077051de0 5 bytes JMP 00000000771b0240 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770520a0 5 bytes JMP 00000000771b01e0 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077052160 5 bytes JMP 00000000771b0250 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077052190 5 bytes JMP 00000000771b0490 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770521a0 5 bytes JMP 00000000771b04a0 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770521d0 5 bytes JMP 00000000771b0300 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770521e0 5 bytes JMP 00000000771b0360 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077052240 5 bytes JMP 00000000771b02a0 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077052290 5 bytes JMP 00000000771b02c0 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770522c0 5 bytes JMP 00000000771b0380 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770522d0 5 bytes JMP 00000000771b0340 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770525c0 5 bytes JMP 00000000771b0440 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770527c0 5 bytes JMP 00000000771b0260 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770527d0 5 bytes JMP 00000000771b0270 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770527e0 5 bytes JMP 00000000771b0400 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770529a0 5 bytes JMP 00000000771b01f0 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770529b0 5 bytes JMP 00000000771b0210 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077052a20 5 bytes JMP 00000000771b0200 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077052a80 5 bytes JMP 00000000771b0420 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077052a90 5 bytes JMP 00000000771b0430 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077052aa0 5 bytes JMP 00000000771b0220 .text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077052b80 5 bytes JMP 00000000771b0280 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077051360 5 bytes JMP 00000000771b0460 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770513b0 5 bytes JMP 00000000771b0450 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077051510 5 bytes JMP 00000000771b0370 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077051560 5 bytes JMP 00000000771b0470 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077051570 5 bytes JMP 00000000771b03e0 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077051620 5 bytes JMP 00000000771b0320 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077051650 5 bytes JMP 00000000771b03b0 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077051670 5 bytes JMP 00000000771b0390 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770516b0 5 bytes JMP 00000000771b02e0 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077051730 5 bytes JMP 00000000771b02d0 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077051750 5 bytes JMP 00000000771b0310 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077051790 5 bytes JMP 00000000771b03c0 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770517e0 5 bytes JMP 00000000771b03f0 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077051940 5 bytes JMP 00000000771b0230 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077051b00 5 bytes JMP 00000000771b0480 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077051b30 5 bytes JMP 00000000771b03a0 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077051c10 5 bytes JMP 00000000771b02f0 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077051c20 5 bytes JMP 00000000771b0350 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077051c80 5 bytes JMP 00000000771b0290 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077051d10 5 bytes JMP 00000000771b02b0 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077051d30 5 bytes JMP 00000000771b03d0 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077051d40 5 bytes JMP 00000000771b0330 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077051db0 5 bytes JMP 00000000771b0410 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077051de0 5 bytes JMP 00000000771b0240 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770520a0 5 bytes JMP 00000000771b01e0 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077052160 5 bytes JMP 00000000771b0250 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077052190 5 bytes JMP 00000000771b0490 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770521a0 5 bytes JMP 00000000771b04a0 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770521d0 5 bytes JMP 00000000771b0300 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770521e0 5 bytes JMP 00000000771b0360 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077052240 5 bytes JMP 00000000771b02a0 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077052290 5 bytes JMP 00000000771b02c0 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770522c0 5 bytes JMP 00000000771b0380 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770522d0 5 bytes JMP 00000000771b0340 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770525c0 5 bytes JMP 00000000771b0440 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770527c0 5 bytes JMP 00000000771b0260 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770527d0 5 bytes JMP 00000000771b0270 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770527e0 5 bytes JMP 00000000771b0400 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770529a0 5 bytes JMP 00000000771b01f0 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770529b0 5 bytes JMP 00000000771b0210 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077052a20 5 bytes JMP 00000000771b0200 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077052a80 5 bytes JMP 00000000771b0420 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077052a90 5 bytes JMP 00000000771b0430 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077052aa0 5 bytes JMP 00000000771b0220 .text C:\Windows\Explorer.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077052b80 5 bytes JMP 00000000771b0280 .text C:\Windows\Explorer.EXE[1104] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f3ef8d 1 byte [62] .text C:\Windows\SysWOW64\svchost.exe[1892] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007699a2fd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2508] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007699a2fd 1 byte [62] .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[2648] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007699a2fd 1 byte [62] .text C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[2808] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007699a2fd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077051360 5 bytes JMP 00000000771b0460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770513b0 5 bytes JMP 00000000771b0450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077051510 5 bytes JMP 00000000771b0370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077051560 5 bytes JMP 00000000771b0470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077051570 5 bytes JMP 00000000771b03e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077051620 5 bytes JMP 00000000771b0320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077051650 5 bytes JMP 00000000771b03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077051670 5 bytes JMP 00000000771b0390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770516b0 5 bytes JMP 00000000771b02e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077051730 5 bytes JMP 00000000771b02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077051750 5 bytes JMP 00000000771b0310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077051790 5 bytes JMP 00000000771b03c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770517e0 5 bytes JMP 00000000771b03f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077051940 5 bytes JMP 00000000771b0230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077051b00 5 bytes JMP 00000000771b0480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077051b30 5 bytes JMP 00000000771b03a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077051c10 5 bytes JMP 00000000771b02f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077051c20 5 bytes JMP 00000000771b0350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077051c80 5 bytes JMP 00000000771b0290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077051d10 5 bytes JMP 00000000771b02b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077051d30 5 bytes JMP 00000000771b03d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077051d40 5 bytes JMP 00000000771b0330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077051db0 5 bytes JMP 00000000771b0410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077051de0 5 bytes JMP 00000000771b0240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770520a0 5 bytes JMP 00000000771b01e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077052160 5 bytes JMP 00000000771b0250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077052190 5 bytes JMP 00000000771b0490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770521a0 5 bytes JMP 00000000771b04a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770521d0 5 bytes JMP 00000000771b0300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770521e0 5 bytes JMP 00000000771b0360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077052240 5 bytes JMP 00000000771b02a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077052290 5 bytes JMP 00000000771b02c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770522c0 5 bytes JMP 00000000771b0380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770522d0 5 bytes JMP 00000000771b0340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770525c0 5 bytes JMP 00000000771b0440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770527c0 5 bytes JMP 00000000771b0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770527d0 5 bytes JMP 00000000771b0270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770527e0 5 bytes JMP 00000000771b0400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770529a0 5 bytes JMP 00000000771b01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770529b0 5 bytes JMP 00000000771b0210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077052a20 5 bytes JMP 00000000771b0200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077052a80 5 bytes JMP 00000000771b0420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077052a90 5 bytes JMP 00000000771b0430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077052aa0 5 bytes JMP 00000000771b0220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077052b80 5 bytes JMP 00000000771b0280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2900] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f3ef8d 1 byte [62] .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4216] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007699a2fd 1 byte [62] .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077051360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770513b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077051510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077051560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077051570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077051620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077051650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077051670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770516b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077051730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077051750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077051790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770517e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077051940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077051b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077051b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077051c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077051c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077051c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077051d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077051d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077051d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077051db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077051de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770520a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077052160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077052190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770521a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770521d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770521e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077052240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077052290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770522c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770522d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770525c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770527c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770527d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770527e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770529a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770529b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077052a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077052a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077052a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077052aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077052b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077051360 5 bytes JMP 00000000771b0460 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770513b0 5 bytes JMP 00000000771b0450 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077051510 5 bytes JMP 00000000771b0370 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077051560 5 bytes JMP 00000000771b0470 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077051570 5 bytes JMP 00000000771b03e0 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077051620 5 bytes JMP 00000000771b0320 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077051650 5 bytes JMP 00000000771b03b0 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077051670 5 bytes JMP 00000000771b0390 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770516b0 5 bytes JMP 00000000771b02e0 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077051730 5 bytes JMP 00000000771b02d0 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077051750 5 bytes JMP 00000000771b0310 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077051790 5 bytes JMP 00000000771b03c0 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770517e0 5 bytes JMP 00000000771b03f0 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077051940 5 bytes JMP 00000000771b0230 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077051b00 5 bytes JMP 00000000771b0480 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077051b30 5 bytes JMP 00000000771b03a0 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077051c10 5 bytes JMP 00000000771b02f0 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077051c20 5 bytes JMP 00000000771b0350 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077051c80 5 bytes JMP 00000000771b0290 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077051d10 5 bytes JMP 00000000771b02b0 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077051d30 5 bytes JMP 00000000771b03d0 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077051d40 5 bytes JMP 00000000771b0330 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077051db0 5 bytes JMP 00000000771b0410 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077051de0 5 bytes JMP 00000000771b0240 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770520a0 5 bytes JMP 00000000771b01e0 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077052160 5 bytes JMP 00000000771b0250 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077052190 5 bytes JMP 00000000771b0490 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770521a0 5 bytes JMP 00000000771b04a0 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770521d0 5 bytes JMP 00000000771b0300 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770521e0 5 bytes JMP 00000000771b0360 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077052240 5 bytes JMP 00000000771b02a0 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077052290 5 bytes JMP 00000000771b02c0 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770522c0 5 bytes JMP 00000000771b0380 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770522d0 5 bytes JMP 00000000771b0340 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770525c0 5 bytes JMP 00000000771b0440 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770527c0 5 bytes JMP 00000000771b0260 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770527d0 5 bytes JMP 00000000771b0270 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770527e0 5 bytes JMP 00000000771b0400 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770529a0 5 bytes JMP 00000000771b01f0 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770529b0 5 bytes JMP 00000000771b0210 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077052a20 5 bytes JMP 00000000771b0200 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077052a80 5 bytes JMP 00000000771b0420 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077052a90 5 bytes JMP 00000000771b0430 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077052aa0 5 bytes JMP 00000000771b0220 .text C:\Windows\system32\taskhost.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077052b80 5 bytes JMP 00000000771b0280 .text G:\gmer.exe[5332] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007699a2fd 1 byte [62] ---- Files - GMER 2.1 ---- File C:\avast! sandbox 0 bytes File C:\avast! sandbox\S-1-5-21-4220004453-4084736927-3424682642-1000 0 bytes File C:\avast! sandbox\S-1-5-21-4220004453-4084736927-3424682642-1000\r115 0 bytes File C:\avast! sandbox\S-1-5-21-4220004453-4084736927-3424682642-1000\r115\FRST64.exe_{dadc9196-5127-11e4-b3c0-00241d0f8227} 0 bytes File C:\avast! sandbox\S-1-5-21-4220004453-4084736927-3424682642-1000\r115\FRST64.exe_{dadc919c-5127-11e4-b3c0-00241d0f8227} 0 bytes File C:\avast! sandbox\S-1-5-21-4220004453-4084736927-3424682642-1000\r115\FRST64.exe_{dadc919c-5127-11e4-b3c0-00241d0f8227}\C 0 bytes File C:\avast! sandbox\S-1-5-21-4220004453-4084736927-3424682642-1000\r115\FRST64.exe_{dadc919c-5127-11e4-b3c0-00241d0f8227}\C\Users 0 bytes File C:\avast! sandbox\S-1-5-21-4220004453-4084736927-3424682642-1000\r115\FRST64.exe_{dadc919c-5127-11e4-b3c0-00241d0f8227}\C\Users\Karol 0 bytes File C:\avast! sandbox\S-1-5-21-4220004453-4084736927-3424682642-1000\r115\FRST64.exe_{dadc919c-5127-11e4-b3c0-00241d0f8227}\C\Users\Karol\AppData 0 bytes File C:\avast! sandbox\S-1-5-21-4220004453-4084736927-3424682642-1000\r115\FRST64.exe_{dadc919c-5127-11e4-b3c0-00241d0f8227}\C\Users\Karol\AppData\Local 0 bytes File C:\avast! sandbox\S-1-5-21-4220004453-4084736927-3424682642-1000\r115\FRST64.exe_{dadc919c-5127-11e4-b3c0-00241d0f8227}\C\Users\Karol\AppData\Local\Microsoft 0 bytes File C:\avast! sandbox\S-1-5-21-4220004453-4084736927-3424682642-1000\r115\FRST64.exe_{dadc919c-5127-11e4-b3c0-00241d0f8227}\C\Users\Karol\AppData\Local\Microsoft\Windows 0 bytes File C:\avast! sandbox\S-1-5-21-4220004453-4084736927-3424682642-1000\r115\FRST64.exe_{dadc919c-5127-11e4-b3c0-00241d0f8227}\C\Users\Karol\AppData\Local\Microsoft\Windows\WebCache 0 bytes File C:\avast! sandbox\S-1-5-21-4220004453-4084736927-3424682642-1000\r115\FRST64.exe_{dadc919c-5127-11e4-b3c0-00241d0f8227}\C\Users\Karol\AppData\Local\Microsoft\Windows\WebCache\V01.log 524288 bytes File C:\avast! sandbox\S-1-5-21-4220004453-4084736927-3424682642-1000\r115\FRST64.exe_{dadc919c-5127-11e4-b3c0-00241d0f8227}\C\Users\Karol\AppData\Local\Microsoft\Windows\WebCacheLock.dat 0 bytes File C:\avast! sandbox\S-1-5-21-4220004453-4084736927-3424682642-1000\r115\gmer.exe_{dadc91aa-5127-11e4-b3c0-00241d0f8227} 0 bytes File C:\avast! sandbox\S-1-5-21-4220004453-4084736927-3424682642-1000\r115\OTL.exe_{dadc917e-5127-11e4-b3c0-00241d0f8227} 0 bytes File C:\avast! sandbox\snx_rhive 262144 bytes File C:\avast! sandbox\snx_rhive.LOG1 13312 bytes File C:\avast! sandbox\snx_rhive.LOG2 0 bytes File C:\avast! sandbox\snx_rhive{dadc9180-5127-11e4-b3c0-00241d0f8227}.TM.blf 65536 bytes File C:\avast! sandbox\snx_rhive{dadc9180-5127-11e4-b3c0-00241d0f8227}.TMContainer00000000000000000001.regtrans-ms 524288 bytes File C:\avast! sandbox\snx_rhive{dadc9180-5127-11e4-b3c0-00241d0f8227}.TMContainer00000000000000000002.regtrans-ms 524288 bytes File C:\avast! sandbox\snx_rhive{dadc9187-5127-11e4-b3c0-00241d0f8227}.TM.blf 65536 bytes File C:\avast! sandbox\snx_rhive{dadc9187-5127-11e4-b3c0-00241d0f8227}.TMContainer00000000000000000001.regtrans-ms 524288 bytes File C:\avast! sandbox\snx_rhive{dadc9187-5127-11e4-b3c0-00241d0f8227}.TMContainer00000000000000000002.regtrans-ms 524288 bytes ---- EOF - GMER 2.1 ----