GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-12-16 15:50:05
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.FG02 298,09GB
Running: jzmc8nz6.exe; Driver: C:\Users\kasia\AppData\Local\Temp\uxldrpog.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff880053b5d8c 12 bytes {MOV RAX, 0xfffffa8005c152a0; JMP RAX}

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000769f1401 2 bytes JMP 770cb21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000769f1419 2 bytes JMP 770cb346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000769f1431 2 bytes JMP 77148fd1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000769f144a 2 bytes CALL 770a489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769f14dd 2 bytes JMP 771488c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769f14f5 2 bytes JMP 77148aa0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000769f150d 2 bytes JMP 771487ba C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000769f1525 2 bytes JMP 77148b8a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000769f153d 2 bytes JMP 770bfca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000769f1555 2 bytes JMP 770c68ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000769f156d 2 bytes JMP 77149089 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000769f1585 2 bytes JMP 77148bea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000769f159d 2 bytes JMP 7714877e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769f15b5 2 bytes JMP 770bfd41
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769f15cd 2 bytes JMP 770cb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769f16b2 2 bytes JMP 77148f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769f16bd 2 bytes JMP 77148713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 00000001778f00a0 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 00000001778f0018 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 00000001778f03d0 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 00000001778f01b0 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 00000001778f0128 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 00000001778f0238 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 00000001778f02c0 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 00000001778f0348 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 00000001778f0458 .text C:\Program Files 
(x86)\AVG\Av\avgnsa.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 00000001778f04e0 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 00000001778f00a0 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 00000001778f0018 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 00000001778f03d0 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 00000001778f01b0 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 00000001778f0128 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 00000001778f0238 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 00000001778f02c0 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 00000001778f0348 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 00000001778f0458 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 00000001778f04e0 .text C:\Windows\system32\svchost.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 00000001778f00a0 .text C:\Windows\system32\svchost.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 00000001778f0018 .text C:\Windows\system32\svchost.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 00000001778f03d0 
.text C:\Windows\system32\svchost.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 00000001778f01b0 .text C:\Windows\system32\svchost.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 00000001778f0128 .text C:\Windows\system32\svchost.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 00000001778f0238 .text C:\Windows\system32\svchost.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 00000001778f02c0 .text C:\Windows\system32\svchost.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 00000001778f0348 .text C:\Windows\system32\svchost.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 00000001778f0458 .text C:\Windows\system32\svchost.exe[2608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 00000001778f04e0 .text C:\Windows\system32\TODDSrv.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 0000000077bd00a0 .text C:\Windows\system32\TODDSrv.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 0000000077bd0018 .text C:\Windows\system32\TODDSrv.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 0000000077bd03d0 .text C:\Windows\system32\TODDSrv.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 0000000077bd01b0 .text C:\Windows\system32\TODDSrv.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 0000000077bd0128 .text C:\Windows\system32\TODDSrv.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 0000000077bd0238 .text C:\Windows\system32\TODDSrv.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 0000000077bd02c0 .text C:\Windows\system32\TODDSrv.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 
0000000077a6e480 5 bytes JMP 0000000077bd0348 .text C:\Windows\system32\TODDSrv.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 0000000077bd0458 .text C:\Windows\system32\TODDSrv.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 0000000077bd04e0 .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 0000000077bd00a0 .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 0000000077bd0018 .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 0000000077bd03d0 .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 0000000077bd01b0 .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 0000000077bd0128 .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 0000000077bd0238 .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 0000000077bd02c0 .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 0000000077bd0348 .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 0000000077bd0458 .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 0000000077bd04e0 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 
0000000077bd00a0 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 0000000077bd0018 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 0000000077bd03d0 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 0000000077bd01b0 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 0000000077bd0128 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 0000000077bd0238 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 0000000077bd02c0 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 0000000077bd0348 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 0000000077bd0458 .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 0000000077bd04e0 .text C:\Windows\system32\taskhost.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 0000000077bd00a0 .text C:\Windows\system32\taskhost.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 0000000077bd0018 .text C:\Windows\system32\taskhost.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 0000000077bd03d0 .text C:\Windows\system32\taskhost.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 0000000077bd01b0 .text C:\Windows\system32\taskhost.exe[3780] 
C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 0000000077bd0128 .text C:\Windows\system32\taskhost.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 0000000077bd0238 .text C:\Windows\system32\taskhost.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 0000000077bd02c0 .text C:\Windows\system32\taskhost.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 0000000077bd0348 .text C:\Windows\system32\taskhost.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 0000000077bd0458 .text C:\Windows\system32\taskhost.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 0000000077bd04e0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077c1fc90 5 bytes JMP 0000000171d122f0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077c1fe54 5 bytes JMP 0000000171d12180 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077c1fee8 5 bytes JMP 0000000171d125b0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c1ffb4 5 bytes JMP 0000000171d12590 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077c200a8 5 bytes JMP 0000000171d124b0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c207dc 5 bytes JMP 0000000171d125d0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c208b4 5 bytes JMP 0000000171d12610 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3800] 
C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077c2095c 5 bytes JMP 0000000171d12650 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077c210b8 5 bytes JMP 0000000171d125f0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 0000000077c21130 1 byte JMP 0000000171d12630 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3800] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore + 2 0000000077c21132 3 bytes {JMP 0xfffffffffa0f1500} .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000769f1401 2 bytes JMP 770cb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3800] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000769f1419 2 bytes JMP 770cb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000769f1431 2 bytes JMP 77148fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000769f144a 2 bytes CALL 770a489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3800] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769f14dd 2 bytes JMP 771488c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769f14f5 2 bytes JMP 77148aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3800] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000769f150d 2 bytes JMP 771487ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000769f1525 2 bytes JMP 77148b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000769f153d 2 bytes JMP 770bfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3800] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000769f1555 2 bytes JMP 770c68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000769f156d 2 bytes JMP 77149089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000769f1585 2 bytes JMP 77148bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3800] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000769f159d 2 bytes JMP 7714877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769f15b5 2 bytes JMP 770bfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes 
Anti-Malware\mbam.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769f15cd 2 bytes JMP 770cb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769f16b2 2 bytes JMP 77148f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769f16bd 2 bytes JMP 77148713 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\Dwm.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 0000000077bd00a0 .text C:\Windows\system32\Dwm.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 0000000077bd0018 .text C:\Windows\system32\Dwm.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 0000000077bd03d0 .text C:\Windows\system32\Dwm.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 0000000077bd01b0 .text C:\Windows\system32\Dwm.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 0000000077bd0128 .text C:\Windows\system32\Dwm.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 0000000077bd0238 .text C:\Windows\system32\Dwm.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 0000000077bd02c0 .text C:\Windows\system32\Dwm.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 0000000077bd0348 .text C:\Windows\system32\Dwm.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 0000000077bd0458 .text C:\Windows\system32\Dwm.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 0000000077bd04e0 .text C:\Windows\Explorer.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 
0000000077bd00a0 .text C:\Windows\Explorer.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 0000000077bd0018 .text C:\Windows\Explorer.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 0000000077bd03d0 .text C:\Windows\Explorer.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 0000000077bd01b0 .text C:\Windows\Explorer.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 0000000077bd0128 .text C:\Windows\Explorer.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 0000000077bd0238 .text C:\Windows\Explorer.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 0000000077bd02c0 .text C:\Windows\Explorer.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 0000000077bd0348 .text C:\Windows\Explorer.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 0000000077bd0458 .text C:\Windows\Explorer.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 0000000077bd04e0 .text C:\Windows\system32\taskeng.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 0000000077bd00a0 .text C:\Windows\system32\taskeng.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 0000000077bd0018 .text C:\Windows\system32\taskeng.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 0000000077bd03d0 .text C:\Windows\system32\taskeng.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 0000000077bd01b0 .text C:\Windows\system32\taskeng.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 0000000077bd0128 .text C:\Windows\system32\taskeng.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 0000000077bd0238 .text 
C:\Windows\system32\taskeng.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 0000000077bd02c0 .text C:\Windows\system32\taskeng.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 0000000077bd0348 .text C:\Windows\system32\taskeng.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 0000000077bd0458 .text C:\Windows\system32\taskeng.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 0000000077bd04e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 0000000077bd00a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 0000000077bd0018 .text C:\Windows\system32\wbem\wmiprvse.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 0000000077bd03d0 .text C:\Windows\system32\wbem\wmiprvse.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 0000000077bd01b0 .text C:\Windows\system32\wbem\wmiprvse.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 0000000077bd0128 .text C:\Windows\system32\wbem\wmiprvse.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 0000000077bd0238 .text C:\Windows\system32\wbem\wmiprvse.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 0000000077bd02c0 .text C:\Windows\system32\wbem\wmiprvse.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 0000000077bd0348 .text C:\Windows\system32\wbem\wmiprvse.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 0000000077bd0458 .text C:\Windows\system32\wbem\wmiprvse.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 0000000077bd04e0 .text C:\Program 
Files\TOSHIBA\BulletinBoard\TosNcCore.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 0000000077bd00a0 .text C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 0000000077bd0018 .text C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 0000000077bd03d0 .text C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 0000000077bd01b0 .text C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 0000000077bd0128 .text C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 0000000077bd0238 .text C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 0000000077bd02c0 .text C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 0000000077bd0348 .text C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 0000000077bd0458 .text C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe[316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 0000000077bd04e0 .text C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 0000000077bd00a0 .text C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 0000000077bd0018 .text C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 
0000000077a6ddb0 5 bytes JMP 0000000077bd03d0 .text C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 0000000077bd01b0 .text C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 0000000077bd0128 .text C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 0000000077bd0238 .text C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 0000000077bd02c0 .text C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 0000000077bd0348 .text C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 0000000077bd0458 .text C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 0000000077bd04e0 .text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 0000000077bd00a0 .text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 0000000077bd0018 .text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 0000000077bd03d0 .text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 0000000077bd01b0 .text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 0000000077bd0128 .text C:\Program 
Files\TOSHIBA\SmoothView\SmoothView.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 0000000077bd0238 .text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 0000000077bd02c0 .text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 0000000077bd0348 .text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 0000000077bd0458 .text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 0000000077bd04e0 .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 0000000077bd00a0 .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 0000000077bd0018 .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 0000000077bd03d0 .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 0000000077bd01b0 .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 0000000077bd0128 .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 0000000077bd0238 .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 0000000077bd02c0 .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 0000000077bd0348 
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 0000000077bd0458 .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 0000000077bd04e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 0000000077bd00a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 0000000077bd0018 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 0000000077bd03d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 0000000077bd01b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 0000000077bd0128 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 0000000077bd0238 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 0000000077bd02c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 0000000077bd0348 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 0000000077bd0458 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 0000000077bd04e0 .text C:\Program Files\TOSHIBA\TECO\TEco.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 0000000077bd00a0 .text C:\Program Files\TOSHIBA\TECO\TEco.exe[1436] 
C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 0000000077bd0018 .text C:\Program Files\TOSHIBA\TECO\TEco.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 0000000077bd03d0 .text C:\Program Files\TOSHIBA\TECO\TEco.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 0000000077bd01b0 .text C:\Program Files\TOSHIBA\TECO\TEco.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 0000000077bd0128 .text C:\Program Files\TOSHIBA\TECO\TEco.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 0000000077bd0238 .text C:\Program Files\TOSHIBA\TECO\TEco.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 0000000077bd02c0 .text C:\Program Files\TOSHIBA\TECO\TEco.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 0000000077bd0348 .text C:\Program Files\TOSHIBA\TECO\TEco.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 0000000077bd0458 .text C:\Program Files\TOSHIBA\TECO\TEco.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 0000000077bd04e0 .text C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 00000001778f00a0 .text C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 00000001778f0018 .text C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 00000001778f03d0 .text C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 00000001778f01b0 .text C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe[3872] 
C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 00000001778f0128 .text C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 00000001778f0238 .text C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 00000001778f02c0 .text C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 00000001778f0348 .text C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 00000001778f0458 .text C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 00000001778f04e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 0000000077bd00a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 0000000077bd0018 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 0000000077bd03d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 0000000077bd01b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 0000000077bd0128 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 0000000077bd0238 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 0000000077bd02c0 .text C:\Program 
Files\Realtek\Audio\HDA\RAVCpl64.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 0000000077bd0348 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 0000000077bd0458 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 0000000077bd04e0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4536] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077c1fc90 5 bytes JMP 0000000171d122f0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4536] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077c1fe54 5 bytes JMP 0000000171d12180 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4536] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077c1fee8 5 bytes JMP 0000000171d125b0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4536] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c1ffb4 5 bytes JMP 0000000171d12590 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4536] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077c200a8 5 bytes JMP 0000000171d124b0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4536] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c207dc 5 bytes JMP 0000000171d125d0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4536] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c208b4 5 bytes JMP 0000000171d12610 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4536] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077c2095c 5 bytes JMP 0000000171d12650 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4536] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077c210b8 5 bytes JMP 0000000171d125f0 .text C:\Program 
Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4536] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 0000000077c21130 1 byte JMP 0000000171d12630 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4536] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore + 2 0000000077c21132 3 bytes {JMP 0xfffffffffa0f1500} .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4536] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000769f1401 2 bytes JMP 770cb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4536] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000769f1419 2 bytes JMP 770cb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000769f1431 2 bytes JMP 77148fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000769f144a 2 bytes CALL 770a489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4536] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769f14dd 2 bytes JMP 771488c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4536] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769f14f5 2 bytes JMP 77148aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4536] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000769f150d 2 bytes JMP 771487ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4536] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000769f1525 2 bytes JMP 77148b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4536] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000769f153d 2 bytes JMP 770bfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4536] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000769f1555 2 bytes JMP 770c68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4536] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000769f156d 2 bytes JMP 77149089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4536] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000769f1585 2 bytes JMP 77148bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4536] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000769f159d 2 bytes JMP 7714877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4536] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769f15b5 2 
bytes JMP 770bfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4536] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769f15cd 2 bytes JMP 770cb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4536] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769f16b2 2 bytes JMP 77148f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4536] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769f16bd 2 bytes JMP 77148713 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 00000001778f00a0 .text C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 00000001778f0018 .text C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 00000001778f03d0 .text C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 00000001778f01b0 .text C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 00000001778f0128 .text C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 00000001778f0238 .text C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 00000001778f02c0 .text C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 00000001778f0348 .text C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 00000001778f0458 .text C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 
0000000077a6e990 5 bytes JMP 00000001778f04e0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 0000000077bd00a0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 0000000077bd0018 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 0000000077bd03d0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 0000000077bd01b0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 0000000077bd0128 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 0000000077bd0238 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 0000000077bd02c0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 0000000077bd0348 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 0000000077bd0458 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 0000000077bd04e0 .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077c1fc90 5 bytes JMP 0000000171d122f0 .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077c1fe54 5 bytes JMP 0000000171d12180 .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[4360] 
C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077c1fee8 5 bytes JMP 0000000171d125b0 .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c1ffb4 5 bytes JMP 0000000171d12590 .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077c200a8 5 bytes JMP 0000000171d124b0 .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c207dc 5 bytes JMP 0000000171d125d0 .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c208b4 5 bytes JMP 0000000171d12610 .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077c2095c 5 bytes JMP 0000000171d12650 .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077c210b8 5 bytes JMP 0000000171d125f0 .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 0000000077c21130 1 byte JMP 0000000171d12630 .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore + 2 0000000077c21132 3 bytes {JMP 0xfffffffffa0f1500} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077c1fc90 5 bytes JMP 0000000171d122f0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077c1fe54 5 bytes JMP 0000000171d12180 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077c1fee8 5 bytes JMP 0000000171d125b0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 
0000000077c1ffb4 5 bytes JMP 0000000171d12590 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077c200a8 5 bytes JMP 0000000171d124b0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c207dc 5 bytes JMP 0000000171d125d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c208b4 5 bytes JMP 0000000171d12610 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077c2095c 5 bytes JMP 0000000171d12650 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077c210b8 5 bytes JMP 0000000171d125f0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 0000000077c21130 1 byte JMP 0000000171d12630 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore + 2 0000000077c21132 3 bytes {JMP 0xfffffffffa0f1500} .text C:\Program Files (x86)\AVG\Av\avgui.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077c1fc90 5 bytes JMP 0000000171d122f0 .text C:\Program Files (x86)\AVG\Av\avgui.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077c1fe54 5 bytes JMP 0000000171d12180 .text C:\Program Files (x86)\AVG\Av\avgui.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077c1fee8 5 bytes JMP 0000000171d125b0 .text C:\Program Files (x86)\AVG\Av\avgui.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c1ffb4 5 bytes JMP 0000000171d12590 .text C:\Program Files (x86)\AVG\Av\avgui.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077c200a8 5 bytes JMP 0000000171d124b0 .text C:\Program Files 
(x86)\AVG\Av\avgui.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c207dc 5 bytes JMP 0000000171d125d0 .text C:\Program Files (x86)\AVG\Av\avgui.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c208b4 5 bytes JMP 0000000171d12610 .text C:\Program Files (x86)\AVG\Av\avgui.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077c2095c 5 bytes JMP 0000000171d12650 .text C:\Program Files (x86)\AVG\Av\avgui.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077c210b8 5 bytes JMP 0000000171d125f0 .text C:\Program Files (x86)\AVG\Av\avgui.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 0000000077c21130 1 byte JMP 0000000171d12630 .text C:\Program Files (x86)\AVG\Av\avgui.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore + 2 0000000077c21132 3 bytes {JMP 0xfffffffffa0f1500} .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4676] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077c1fc90 5 bytes JMP 0000000171d122f0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4676] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077c1fe54 5 bytes JMP 0000000171d12180 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4676] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077c1fee8 5 bytes JMP 0000000171d125b0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4676] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c1ffb4 5 bytes JMP 0000000171d12590 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4676] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077c200a8 5 bytes JMP 0000000171d124b0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4676] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c207dc 5 bytes JMP 0000000171d125d0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4676] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c208b4 5 bytes JMP 0000000171d12610 .text C:\Program Files 
(x86)\AVG\Framework\Common\avguix.exe[4676] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077c2095c 5 bytes JMP 0000000171d12650 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4676] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077c210b8 5 bytes JMP 0000000171d125f0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4676] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 0000000077c21130 1 byte JMP 0000000171d12630 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4676] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore + 2 0000000077c21132 3 bytes {JMP 0xfffffffffa0f1500} .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000769f1401 2 bytes JMP 770cb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4676] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000769f1419 2 bytes JMP 770cb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000769f1431 2 bytes JMP 77148fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000769f144a 2 bytes CALL 770a489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4676] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769f14dd 2 bytes JMP 771488c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769f14f5 2 bytes JMP 77148aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4676] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000769f150d 2 bytes JMP 771487ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000769f1525 2 bytes JMP 77148b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000769f153d 2 bytes JMP 770bfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4676] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000769f1555 2 bytes JMP 770c68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000769f156d 2 bytes JMP 77149089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000769f1585 2 bytes JMP 77148bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4676] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000769f159d 2 bytes JMP 7714877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769f15b5 2 bytes JMP 770bfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4676] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769f15cd 2 bytes JMP 770cb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769f16b2 2 bytes JMP 77148f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769f16bd 2 bytes JMP 77148713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 00000001778f00a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 00000001778f0018 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 00000001778f03d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 00000001778f01b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 00000001778f0128 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 00000001778f0238 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 00000001778f02c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 00000001778f0348 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5052] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 00000001778f0458 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 00000001778f04e0 .text C:\Windows\system32\wbem\unsecapp.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 0000000077bd00a0 .text C:\Windows\system32\wbem\unsecapp.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 0000000077bd0018 .text C:\Windows\system32\wbem\unsecapp.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 0000000077bd03d0 .text C:\Windows\system32\wbem\unsecapp.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 0000000077bd01b0 .text C:\Windows\system32\wbem\unsecapp.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 0000000077bd0128 .text C:\Windows\system32\wbem\unsecapp.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 0000000077bd0238 .text C:\Windows\system32\wbem\unsecapp.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 0000000077bd02c0 .text C:\Windows\system32\wbem\unsecapp.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 0000000077bd0348 .text C:\Windows\system32\wbem\unsecapp.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 0000000077bd0458 .text C:\Windows\system32\wbem\unsecapp.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 0000000077bd04e0 .text C:\Windows\SysWOW64\ctfmon.exe[2376] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077c1fc90 5 bytes JMP 0000000171d122f0 .text C:\Windows\SysWOW64\ctfmon.exe[2376] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077c1fe54 5 bytes JMP 0000000171d12180 .text 
C:\Windows\SysWOW64\ctfmon.exe[2376] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077c1fee8 5 bytes JMP 0000000171d125b0 .text C:\Windows\SysWOW64\ctfmon.exe[2376] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c1ffb4 5 bytes JMP 0000000171d12590 .text C:\Windows\SysWOW64\ctfmon.exe[2376] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077c200a8 5 bytes JMP 0000000171d124b0 .text C:\Windows\SysWOW64\ctfmon.exe[2376] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c207dc 5 bytes JMP 0000000171d125d0 .text C:\Windows\SysWOW64\ctfmon.exe[2376] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c208b4 5 bytes JMP 0000000171d12610 .text C:\Windows\SysWOW64\ctfmon.exe[2376] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077c2095c 5 bytes JMP 0000000171d12650 .text C:\Windows\SysWOW64\ctfmon.exe[2376] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077c210b8 5 bytes JMP 0000000171d125f0 .text C:\Windows\SysWOW64\ctfmon.exe[2376] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 0000000077c21130 1 byte JMP 0000000171d12630 .text C:\Windows\SysWOW64\ctfmon.exe[2376] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore + 2 0000000077c21132 3 bytes {JMP 0xfffffffffa0f1500} .text C:\Windows\System32\svchost.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 00000001778f00a0 .text C:\Windows\System32\svchost.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 00000001778f0018 .text C:\Windows\System32\svchost.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 00000001778f03d0 .text C:\Windows\System32\svchost.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 00000001778f01b0 .text C:\Windows\System32\svchost.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 00000001778f0128 .text C:\Windows\System32\svchost.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 
bytes JMP 00000001778f0238 .text C:\Windows\System32\svchost.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 00000001778f02c0 .text C:\Windows\System32\svchost.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 00000001778f0348 .text C:\Windows\System32\svchost.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 00000001778f0458 .text C:\Windows\System32\svchost.exe[5684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 00000001778f04e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 00000001778f00a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 00000001778f0018 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 00000001778f03d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 00000001778f01b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 00000001778f0128 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 00000001778f0238 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 00000001778f02c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 00000001778f0348 .text C:\Program Files (x86)\ATI 
Technologies\ATI.ACE\Core-Static\CCC.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 00000001778f0458 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 00000001778f04e0 .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 0000000077bd00a0 .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 0000000077bd0018 .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 0000000077bd03d0 .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 0000000077bd01b0 .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 0000000077bd0128 .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 0000000077bd0238 .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 0000000077bd02c0 .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 0000000077bd0348 .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 0000000077bd0458 .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 0000000077bd04e0 .text C:\Program 
Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 0000000077bd00a0 .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 0000000077bd0018 .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 0000000077bd03d0 .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 0000000077bd01b0 .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 0000000077bd0128 .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 0000000077bd0238 .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 0000000077bd02c0 .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 0000000077bd0348 .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 0000000077bd0458 .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 0000000077bd04e0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 0000000077bd00a0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 0000000077bd0018 .text 
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 0000000077bd03d0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 0000000077bd01b0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 0000000077bd0128 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 0000000077bd0238 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 0000000077bd02c0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 0000000077bd0348 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 0000000077bd0458 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 0000000077bd04e0 .text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 0000000077bd00a0 .text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 0000000077bd0018 .text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 0000000077bd03d0 .text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 0000000077bd01b0 .text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 
bytes JMP 0000000077bd0128 .text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 0000000077bd0238 .text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 0000000077bd02c0 .text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 0000000077bd0348 .text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 0000000077bd0458 .text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[5140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 0000000077bd04e0 .text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 0000000077bd00a0 .text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 0000000077bd0018 .text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 0000000077bd03d0 .text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 0000000077bd01b0 .text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 0000000077bd0128 .text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 0000000077bd0238 .text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 0000000077bd02c0 .text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 0000000077bd0348 .text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[2828] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 0000000077bd0458 .text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 0000000077bd04e0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe[3112] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077c1fc90 5 bytes JMP 0000000171d122f0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe[3112] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077c1fe54 5 bytes JMP 0000000171d12180 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe[3112] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077c1fee8 5 bytes JMP 0000000171d125b0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe[3112] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c1ffb4 5 bytes JMP 0000000171d12590 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe[3112] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077c200a8 5 bytes JMP 0000000171d124b0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe[3112] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c207dc 5 bytes JMP 0000000171d125d0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe[3112] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c208b4 5 bytes JMP 0000000171d12610 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe[3112] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077c2095c 5 bytes JMP 0000000171d12650 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe[3112] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077c210b8 5 bytes JMP 0000000171d125f0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe[3112] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 0000000077c21130 1 byte JMP 0000000171d12630 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe[3112] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore + 2 0000000077c21132 3 bytes {JMP 
0xfffffffffa0f1500} .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077c1fc90 5 bytes JMP 0000000171d122f0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077c1fe54 5 bytes JMP 0000000171d12180 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077c1fee8 5 bytes JMP 0000000171d125b0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c1ffb4 5 bytes JMP 0000000171d12590 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077c200a8 5 bytes JMP 0000000171d124b0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c207dc 5 bytes JMP 0000000171d125d0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c208b4 5 bytes JMP 0000000171d12610 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077c2095c 5 bytes JMP 0000000171d12650 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077c210b8 5 bytes JMP 0000000171d125f0 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 0000000077c21130 1 byte JMP 0000000171d12630 .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore + 2 0000000077c21132 3 bytes {JMP 0xfffffffffa0f1500} .text C:\Windows\servicing\TrustedInstaller.exe[4456] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 0000000077bd00a0 .text C:\Windows\servicing\TrustedInstaller.exe[4456] 
C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 0000000077bd0018 .text C:\Windows\servicing\TrustedInstaller.exe[4456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 0000000077bd03d0 .text C:\Windows\servicing\TrustedInstaller.exe[4456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 0000000077bd01b0 .text C:\Windows\servicing\TrustedInstaller.exe[4456] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 0000000077bd0128 .text C:\Windows\servicing\TrustedInstaller.exe[4456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 0000000077bd0238 .text C:\Windows\servicing\TrustedInstaller.exe[4456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 0000000077bd02c0 .text C:\Windows\servicing\TrustedInstaller.exe[4456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 0000000077bd0348 .text C:\Windows\servicing\TrustedInstaller.exe[4456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 0000000077bd0458 .text C:\Windows\servicing\TrustedInstaller.exe[4456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 0000000077bd04e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077c1fc90 5 bytes JMP 0000000171d122f0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077c1fe54 5 bytes JMP 0000000171d12180 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077c1fee8 5 bytes JMP 0000000171d125b0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c1ffb4 5 bytes JMP 0000000171d12590 .text C:\Program Files (x86)\Common Files\Java\Java 
Update\jucheck.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077c200a8 5 bytes JMP 0000000171d124b0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c207dc 5 bytes JMP 0000000171d125d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c208b4 5 bytes JMP 0000000171d12610 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077c2095c 5 bytes JMP 0000000171d12650 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077c210b8 5 bytes JMP 0000000171d125f0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 0000000077c21130 1 byte JMP 0000000171d12630 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore + 2 0000000077c21132 3 bytes {JMP 0xfffffffffa0f1500} .text C:\Windows\system32\taskmgr.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 0000000077bd00a0 .text C:\Windows\system32\taskmgr.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 0000000077bd0018 .text C:\Windows\system32\taskmgr.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 0000000077bd03d0 .text C:\Windows\system32\taskmgr.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 0000000077bd01b0 .text C:\Windows\system32\taskmgr.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 0000000077bd0128 .text C:\Windows\system32\taskmgr.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 0000000077bd0238 .text C:\Windows\system32\taskmgr.exe[3788] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 0000000077bd02c0 .text C:\Windows\system32\taskmgr.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 0000000077bd0348 .text C:\Windows\system32\taskmgr.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 0000000077bd0458 .text C:\Windows\system32\taskmgr.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 0000000077bd04e0 .text C:\Users\kasia\Desktop\skan\FRST64 (1).exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a6dc30 5 bytes JMP 0000000077bd00a0 .text C:\Users\kasia\Desktop\skan\FRST64 (1).exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a6dd50 5 bytes JMP 0000000077bd0018 .text C:\Users\kasia\Desktop\skan\FRST64 (1).exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a6ddb0 5 bytes JMP 0000000077bd03d0 .text C:\Users\kasia\Desktop\skan\FRST64 (1).exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a6de30 5 bytes JMP 0000000077bd01b0 .text C:\Users\kasia\Desktop\skan\FRST64 (1).exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a6ded0 5 bytes JMP 0000000077bd0128 .text C:\Users\kasia\Desktop\skan\FRST64 (1).exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a6e380 5 bytes JMP 0000000077bd0238 .text C:\Users\kasia\Desktop\skan\FRST64 (1).exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a6e410 5 bytes JMP 0000000077bd02c0 .text C:\Users\kasia\Desktop\skan\FRST64 (1).exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077a6e480 5 bytes JMP 0000000077bd0348 .text C:\Users\kasia\Desktop\skan\FRST64 (1).exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a6e940 5 bytes JMP 0000000077bd0458 .text C:\Users\kasia\Desktop\skan\FRST64 (1).exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a6e990 5 bytes JMP 0000000077bd04e0 ---- Kernel IAT/EAT - 
GMER 2.1 ----

IAT C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [fffff88001126650] \SystemRoot\System32\Drivers\spct.sys [unknown section]
IAT C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [fffff880011265dc] \SystemRoot\System32\Drivers\spct.sys [unknown section]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff880010f135c] \SystemRoot\System32\Drivers\spct.sys [unknown section]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff880010f1224] \SystemRoot\System32\Drivers\spct.sys [unknown section]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff880010f1a24] \SystemRoot\System32\Drivers\spct.sys [unknown section]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010f1ba0] \SystemRoot\System32\Drivers\spct.sys [unknown section]

---- Devices - GMER 2.1 ----

Device \Driver\aqzvnrvu \Device\Scsi\aqzvnrvu1Port1Path0Target0Lun0 fffffa8005cf62c0
Device \Driver\aqzvnrvu \Device\Scsi\aqzvnrvu1 fffffa8005cf62c0
Device \FileSystem\Ntfs \Ntfs fffffa8004a232c0
Device \Driver\usbehci \Device\USBFDO-7 fffffa8005bfd2c0
Device \Driver\usbuhci \Device\USBPDO-5 fffffa8005c172c0
Device \Driver\usbehci \Device\USBFDO-3 fffffa8005bfd2c0
Device \Driver\usbuhci \Device\USBPDO-1 fffffa8005c172c0
Device \Driver\cdrom \Device\CdRom0 fffffa80059cc2c0
Device \Driver\cdrom \Device\CdRom1 fffffa80059cc2c0
Device \Driver\usbuhci \Device\USBPDO-6 fffffa8005c172c0
Device \Driver\usbuhci \Device\USBFDO-4 fffffa8005c172c0
Device \Driver\usbuhci \Device\USBFDO-0 fffffa8005c172c0
Device \Driver\usbuhci \Device\USBPDO-2 fffffa8005c172c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{90C2A6F9-2B63-4B5D-A080-660DF3A4623B} fffffa8005aa42c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{7AD7A40D-8A66-4E8E-925E-8E6B4AE1642C} fffffa8005aa42c0
Device \Driver\usbehci \Device\USBPDO-7 fffffa8005bfd2c0
Device \Driver\usbuhci \Device\USBFDO-5 fffffa8005c172c0
Device \Driver\usbehci \Device\USBPDO-3 fffffa8005bfd2c0
Device \Driver\usbuhci \Device\USBFDO-1 fffffa8005c172c0
Device \Driver\volmgr \Device\HarddiskVolume1 fffffa8004a172c0
Device \Driver\volmgr \Device\FtControl fffffa8004a172c0
Device \Driver\volmgr \Device\VolMgrControl fffffa8004a172c0
Device \Driver\volmgr \Device\HarddiskVolume2 fffffa8004a172c0
Device \Driver\volmgr \Device\HarddiskVolume3 fffffa8004a172c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{785513A8-145E-46BC-98A5-87A17EB0E07A} fffffa8005aa42c0
Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8005aa42c0
Device \Driver\usbuhci \Device\USBFDO-6 fffffa8005c172c0
Device \Driver\usbuhci \Device\USBPDO-4 fffffa8005c172c0
Device \Driver\usbuhci \Device\USBFDO-2 fffffa8005c172c0
Device \Driver\usbuhci \Device\USBPDO-0 fffffa8005c172c0
Device \Driver\aqzvnrvu \Device\ScsiPort1 fffffa8005cf62c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{1AEF57D7-7C50-4DB1-93E6-A9760E7C051F} fffffa8005aa42c0

---- Modules - GMER 2.1 ----

Module \SystemRoot\System32\Drivers\aqzvnrvu.SYS fffff880043a0000-fffff880043e5000 (282624 bytes)

---- Threads - GMER 2.1 ----

Thread C:\Windows\SysWOW64\rundll32.exe [3892:3700] 0000000077c3c557
Thread C:\Windows\SysWOW64\rundll32.exe [3892:3380] 0000000077c527c1

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB8 0x2F 0x69 0x60 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4A 0xE1 0x68 0x21 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x52 0xF4 0xEA 0xAC ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7B 0xB7 0x0F 0x33 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB8 0x2F 0x69 0x60 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4A 0xE1 0x68 0x21 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x52 0xF4 0xEA 0xAC ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7B 0xB7 0x0F 0x33 ...

---- EOF - GMER 2.1 ----