Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by NANA (administrator) on NANA-PC on 08-09-2014 08:35:48
Running from C:\Users\NANA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RD2L9Q4Q
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
(SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
(MicroTools) C:\Program Files (x86)\Windows Optimizer\optimizer.exe
(DVS Studio) C:\Program Files (x86)\Win Application\applications.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Google Inc.) C:\Users\NANA\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\NANA\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\NANA\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-07] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2839386701-1324129299-1537049521-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2839386701-1324129299-1537049521-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF8175C361DBFCE01
SearchScopes: HKLM-x32 - DefaultScope {C1BAB7F1-DE11-40EB-BC1A-605D51042238} URL =
SearchScopes: HKLM-x32 - {84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^ZO^xdm002^YY^us&si=CI6dqrmckbQCFQsGnQodCWoAhA&ptb=2F966A54-30F9-4848-A57C-87A9E53D96B8&ind=2012121020&n=77ee87bc&psa=&st=sb&searchfor={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO-x32: Updater For Verizon Toolbar -> {96673559-e653-4cdc-8923-f89347a952c0} -> C:\Program Files (x86)\verizontb\auxi\verizonAu.dll (Visicom Media)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Verizon Toolbar -> {f8d96645-337c-419b-8792-b6c126145811} -> C:\Program Files (x86)\verizontb\verizonDx.dll ()
Toolbar: HKLM-x32 - Verizon Toolbar - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll ()
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect125.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nds.com/PCShowPlugin -> C:\Users\NANA\AppData\Local\DIRECTV Player\npPCShowPlugin.dll No File
FF Plugin HKCU: @nds.com/PlayerPlugin -> C:\Users\NANA\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin HKCU: @nsroblox.roblox.com/launcher -> C:\Users\NANA\AppData\Local\Roblox\Versions\version-1fc13f51ea764eb7\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\NANA\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\NANA\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\NANA\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: BearSharePlugin -> C:\Program Files (x86)\BearShare Applications\BearShare\npBearSharePlugin.dll (BearShare)
FF Plugin HKCU: NDS.com/PlayerPlugin -> C:\Users\NANA\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-02-02]
FF HKLM-x32\...\Firefox\Extensions: [{b9bfaf1c-a63f-47cd-0829-29526ced3775}] - C:\Program Files (x86)\Mozilla Firefox\extension\\freeyoubutetomp3.xpi
FF Extension: YouTube Downloader and Converter - C:\Program Files (x86)\Mozilla Firefox\extension\\freeyoubutetomp3.xpi [2014-08-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-07]
FF HKLM-x32\...\Mozilla Firefox 30.0\Extensions: [{b9bfaf1c-a63f-47cd-0829-29526ced3775}] - C:\Program Files (x86)\Mozilla Firefox\extension\\freeyoubutetomp3.xpi

Chrome:
=======
CHR HomePage: Default -> 9B4EA1DC9F4E727432FD0E79FDE22EC55655127BD44324B7742FD7069B6ECA99
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\NANA\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\NANA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\NANA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (avast! Online Security) - C:\Users\NANA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-07]
CHR Extension: (Google Wallet) - C:\Users\NANA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKCU\...\Chrome\Extension: [cgiaikfpllchefojlnehlmpekeogihnm] - C:\Users\NANA\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx []
CHR HKCU\...\Chrome\Extension: [dijhkeelgcfckackbgkkdaamdhaiplod] - C:\Users\NANA\AppData\Local\CRE\dijhkeelgcfckackbgkkdaamdhaiplod.crx []
CHR HKCU\...\Chrome\Extension: [fgnjomjlkaenpngklfddmaodjljpjblk] - C:\Users\NANA\AppData\Local\CRE\fgnjomjlkaenpngklfddmaodjljpjblk.crx [2013-09-29]
CHR HKLM-x32\...\Chrome\Extension: [cgiaikfpllchefojlnehlmpekeogihnm] - C:\Users\NANA\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx [2013-09-29]
CHR HKLM-x32\...\Chrome\Extension: [dijhkeelgcfckackbgkkdaamdhaiplod] - C:\Users\NANA\AppData\Local\CRE\dijhkeelgcfckackbgkkdaamdhaiplod.crx [2013-09-29]
CHR HKLM-x32\...\Chrome\Extension: [fgnjomjlkaenpngklfddmaodjljpjblk] - C:\Users\NANA\AppData\Local\CRE\fgnjomjlkaenpngklfddmaodjljpjblk.crx [2013-09-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-12] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-07] (AVAST Software)
R2 HPSLPSVC; C:\Users\NANA\AppData\Local\Temp\7zS77B6\hpslpsvc64.dll [1039360 2012-11-14] (Hewlett-Packard Co.) [File not signed]
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [358984 2014-05-21] (Verizon) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
R2 sprtsvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [206120 2012-12-10] (SupportSoft, Inc.)
R2 tgsrvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [185640 2012-12-10] (SupportSoft, Inc.)
R2 WindowsOptimizer; C:\Program Files (x86)\Windows Optimizer\optimizer.exe [2282080 2014-09-05] (MicroTools)
R2 Windows_Application; C:\Program Files (x86)\Win Application\applications.exe [2251856 2014-08-11] (DVS Studio) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-07] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-09-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-08 08:35 - 2014-09-08 08:35 - 00000000 ____D () C:\FRST
2014-09-08 08:07 - 2014-09-08 08:07 - 00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-08 08:07 - 2014-09-08 08:07 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-08 07:12 - 2014-09-08 07:12 - 00000672 _____ () C:\Windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2014-09-08 07:06 - 2014-09-08 07:06 - 00153712 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll
2014-09-08 07:06 - 2014-09-08 07:06 - 00140280 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll
2014-09-08 07:06 - 2014-09-08 07:06 - 00076624 _____ (BullGuard Ltd.) C:\Windows\system32\BGLsp.dll
2014-09-08 07:06 - 2014-09-08 07:06 - 00064336 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BGLsp.dll
2014-09-08 06:58 - 2014-09-08 07:12 - 00000224 _____ () C:\Windows\system32\config\afw_hm.conf
2014-09-08 06:58 - 2014-09-08 07:12 - 00000004 _____ () C:\Windows\system32\config\afw_db.conf
2014-09-07 23:08 - 2014-09-07 23:09 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-07 23:08 - 2014-09-07 23:08 - 00000000 ____D () C:\Users\NANA\AppData\Roaming\QuickScan
2014-09-07 23:06 - 2014-09-07 23:06 - 00328024 _____ () C:\Users\NANA\Downloads\BullGuardDownloaderBPP_uksem30bpp.exe
2014-09-07 03:56 - 2014-09-07 03:56 - 00000000 ____D () C:\Users\NANA\AppData\Roaming\AVAST Software
2014-09-07 03:55 - 2014-09-07 03:55 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-07 03:55 - 2014-09-07 03:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-07 03:54 - 2014-09-07 03:56 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-07 03:54 - 2014-09-07 03:54 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-07 03:54 - 2014-09-07 03:54 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-07 03:54 - 2014-09-07 03:53 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-07 03:54 - 2014-09-07 03:53 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-07 03:54 - 2014-09-07 03:53 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-07 03:54 - 2014-09-07 03:53 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-07 03:54 - 2014-09-07 03:53 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-07 03:54 - 2014-09-07 03:53 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-07 03:54 - 2014-09-07 03:53 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-07 03:53 - 2014-09-07 03:53 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-07 03:50 - 2014-09-07 03:50 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-07 03:49 - 2014-09-07 03:50 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-07 00:32 - 2014-09-07 00:32 - 00002301 _____ () C:\Users\NANA\Documents\live pc help files.txt
2014-09-07 00:07 - 2014-09-07 00:07 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-09-07 00:04 - 2014-09-07 00:04 - 00044058 _____ () C:\Windows\system32\.crusader
2014-09-06 22:01 - 2014-09-06 22:17 - 30517960 _____ (Microsoft Corporation) C:\Users\NANA\Downloads\windows-kb890830-x64-v5.15.exe
2014-09-06 21:55 - 2014-09-07 00:05 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-06 21:47 - 2014-09-06 21:54 - 11194928 _____ (SurfRight B.V.) C:\Users\NANA\Downloads\HitmanPro_x64.exe
2014-09-06 21:46 - 2014-09-06 21:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\NANA\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-09-03 17:07 - 2014-09-03 17:07 - 06764848 _____ (SparkTrust) C:\Users\NANA\Downloads\SparkTrust PC Cleaner Plus Setup_d79a236_.exe
2014-09-03 15:54 - 2014-09-03 15:55 - 04901352 _____ (Piriform Ltd) C:\Users\NANA\Downloads\ccsetup417.exe
2014-09-03 12:11 - 2014-09-03 12:11 - 00185249 _____ () C:\Users\NANA\AppData\Local\census.cache
2014-09-03 12:10 - 2014-09-03 12:10 - 00093711 _____ () C:\Users\NANA\AppData\Local\ars.cache
2014-09-03 11:55 - 2014-09-03 11:55 - 02002376 _____ (Trend Micro Inc.) C:\Users\NANA\Downloads\HousecallLauncher (1).exe
2014-09-03 11:53 - 2011-06-21 00:09 - 00200976 _____ (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
2014-09-03 11:51 - 2014-09-03 11:51 - 00000036 _____ () C:\Users\NANA\AppData\Local\housecall.guid.cache
2014-09-03 11:50 - 2014-09-03 11:50 - 02002376 _____ (Trend Micro Inc.) C:\Users\NANA\Downloads\HousecallLauncher.exe
2014-09-03 11:45 - 2014-09-03 11:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\NANA\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-09-03 11:18 - 2014-09-08 07:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 11:18 - 2014-09-03 11:18 - 00001070 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 11:18 - 2014-09-03 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 11:18 - 2014-09-03 11:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-03 11:18 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-03 11:18 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-03 11:18 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-03 11:17 - 2014-09-03 11:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\NANA\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-31 21:34 - 2014-08-31 21:34 - 01133247 _____ () C:\Users\NANA\Downloads\Shelby Linn Anderson.htm
2014-08-31 21:34 - 2014-08-31 21:34 - 00000000 ____D () C:\Users\NANA\Downloads\Shelby Linn Anderson_files
2014-08-31 15:23 - 2014-08-31 15:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\NANA\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-31 15:11 - 2014-08-31 15:11 - 00000607 _____ () C:\Users\NANA\Documents\help.txt
2014-08-27 19:43 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 19:43 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 19:43 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 11:35 - 2014-08-26 14:24 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-08-26 11:34 - 2014-08-26 11:34 - 13829304 _____ (Microsoft Corporation) C:\Users\NANA\Downloads\mseinstall.exe
2014-08-26 10:54 - 2014-08-26 10:54 - 00002644 _____ () C:\Users\NANA\Documents\pc live removal.txt
2014-08-26 10:38 - 2014-08-26 10:53 - 00000000 ____D () C:\ProgramData\MyTurboPC.com
2014-08-26 10:38 - 2014-08-26 10:38 - 00000000 ____D () C:\Users\NANA\AppData\Roaming\MyTurboPC.com
2014-08-26 07:01 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-26 07:01 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-26 07:01 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-26 07:01 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-26 07:01 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-26 07:01 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-26 07:01 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-26 07:01 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-26 07:01 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-26 07:01 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-26 07:00 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-26 07:00 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-26 07:00 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-26 07:00 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-25 10:36 - 2014-09-03 17:29 - 00000000 ____D () C:\ProgramData\SparkTrust
2014-08-25 10:36 - 2014-08-25 10:36 - 00000000 ____D () C:\Users\NANA\AppData\Roaming\SparkTrust
2014-08-25 09:16 - 2014-08-25 09:16 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-25 09:16 - 2014-08-25 09:16 - 00000000 _____ () C:\autoexec.bat
2014-08-25 09:14 - 2014-08-25 10:31 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-23 11:05 - 2014-08-23 11:05 - 00000000 ____D () C:\Users\NANA\AppData\Local\{FB6494DF-9E52-4699-968F-E3B3F8DE3F52}
2014-08-21 08:33 - 2014-08-21 08:33 - 00000000 _____ () C:\Windows\SysWOW64\shoA193.tmp
2014-08-21 03:54 - 2014-08-21 03:54 - 00001045 _____ () C:\Users\NANA\Documents\Root Beer Float Pop.txt
2014-08-21 03:40 - 2014-08-21 03:40 - 00000175 _____ () C:\Users\NANA\Documents\fudge sickles.txt
2014-08-21 03:38 - 2014-08-21 03:38 - 00000402 _____ () C:\Users\NANA\Documents\CRANBERRY JELLO SALAD.txt
2014-08-20 08:28 - 2014-08-20 08:28 - 00001144 _____ () C:\Users\NANA\Desktop\Live PC Help.lnk
2014-08-20 08:24 - 2014-09-07 15:29 - 00000000 ____D () C:\Program Files (x86)\Win Application
2014-08-20 08:24 - 2014-09-07 00:08 - 00000000 ____D () C:\Program Files (x86)\Windows Optimizer
2014-08-20 08:24 - 2014-08-25 07:02 - 00000000 ____D () C:\ProgramData\Optimizer
2014-08-20 08:24 - 2014-08-22 13:33 - 00000000 ____D () C:\Program Files (x86)\Windows Movie Maker
2014-08-20 08:24 - 2014-08-20 08:24 - 00001067 _____ () C:\Users\Public\Desktop\Windows Movie Maker.lnk
2014-08-20 08:24 - 2014-08-20 08:24 - 00000000 ____D () C:\Users\NANA\AppData\Roaming\solidloader
2014-08-20 08:24 - 2014-08-20 08:24 - 00000000 ____D () C:\Users\NANA\AppData\Local\WMTools Downloaded Files
2014-08-20 08:24 - 2014-08-20 08:24 - 00000000 ____D () C:\ProgramData\WinApplication
2014-08-20 08:24 - 2014-08-20 08:24 - 00000000 ____D () C:\ProgramData\SolidLoader
2014-08-20 08:24 - 2014-08-20 08:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker
2014-08-20 08:24 - 2008-06-27 10:49 - 00518064 _____ (Codejock Software) C:\Windows\SysWOW64\framework.ocx
2014-08-20 08:23 - 2014-08-20 08:28 - 00000000 ____D () C:\Users\NANA\AppData\Roaming\systweak
2014-08-20 08:17 - 2014-08-20 08:18 - 08343216 _____ (win-movie-maker-free ) C:\Users\NANA\Downloads\windows-movie-maker-free.exe
2014-08-18 07:52 - 2014-08-18 07:52 - 00000000 ____D () C:\SUPERDelete
2014-08-13 13:17 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 13:17 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 13:17 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 13:17 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 13:17 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 13:17 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 13:16 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 13:16 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-12 23:28 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-12 23:28 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-12 23:28 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-12 23:28 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-12 23:28 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-12 23:28 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-12 23:28 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-12 23:28 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-12 23:28 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-12 23:27 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-12 23:27 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-12 23:27 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-12 23:27 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-12 23:27 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-12 23:27 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-12 23:27 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-12 23:27 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-12 23:27 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-12 23:27 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-12 23:27 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-12 23:27 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-12 23:27 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-12 23:27 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-12 23:27 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-12 23:24 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-12 23:24 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-12 23:24 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-12 23:24 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-12 04:28 - 2014-08-12 04:30 - 00000349 _____ () C:\Users\NANA\Documents\pain dr.txt
2014-08-12 03:24 - 2014-08-12 03:24 - 00918440 _____ (Oracle Corporation) C:\Users\NANA\Downloads\chromeinstall-7u67.exe
2014-08-12 03:24 - 2014-08-12 03:24 - 00918440 _____ (Oracle Corporation) C:\Users\NANA\Downloads\chromeinstall-7u67 (1).exe
2014-08-12 03:23 - 2014-08-12 03:22 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-12 03:22 - 2014-08-12 03:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-12 03:22 - 2014-08-12 03:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-12 03:22 - 2014-08-12 03:22 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-12 03:22 - 2014-08-12 03:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-11 02:16 - 2014-08-11 02:16 - 00000060 _____ () C:\Users\NANA\Documents\crash victims.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-08 08:35 - 2014-09-08 08:35 - 00000000 ____D () C:\FRST
2014-09-08 08:29 - 2014-05-25 17:32 - 00000000 ____D () C:\Users\NANA\AppData\Local\BearShare
2014-09-08 08:28 - 2007-07-11 21:49 - 00000000 ____D () C:\Windows\Panther
2014-09-08 08:16 - 2012-03-30 09:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-08 08:13 - 2012-01-15 00:08 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2839386701-1324129299-1537049521-1000UA.job
2014-09-08 08:11 - 2014-05-09 11:32 - 00000336 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-09-08 08:10 - 2012-08-29 08:06 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-08 08:07 - 2014-09-08 08:07 - 00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-08 08:07 - 2014-09-08 08:07 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-08 07:46 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-08 07:46 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-08 07:45 - 2014-09-03 11:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-08 07:45 - 2012-08-29 08:06 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-08 07:45 - 2012-04-24 15:03 - 00000412 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2014-09-08 07:45 - 2012-01-08 06:08 - 00000000 ____D () C:\ProgramData\clear.fi
2014-09-08 07:45 - 2011-11-23 23:19 - 01483226 ____N () C:\Windows\WindowsUpdate.log
2014-09-08 07:40 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-08 07:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-08 07:12 - 2014-09-08 07:12 - 00000672 _____ () C:\Windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2014-09-08 07:12 - 2014-09-08 06:58 - 00000224 _____ () C:\Windows\system32\config\afw_hm.conf
2014-09-08 07:12 - 2014-09-08 06:58 - 00000004 _____ () C:\Windows\system32\config\afw_db.conf
2014-09-08 07:06 - 2014-09-08 07:06 - 00153712 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll
2014-09-08 07:06 - 2014-09-08 07:06 - 00140280 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll
2014-09-08 07:06 - 2014-09-08 07:06 - 00076624 _____ (BullGuard Ltd.) C:\Windows\system32\BGLsp.dll
2014-09-08 07:06 - 2014-09-08 07:06 - 00064336 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BGLsp.dll
2014-09-08 07:04 - 2009-07-14 01:13 - 00783464 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-08 07:02 - 2012-08-02 04:40 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2839386701-1324129299-1537049521-1000UA.job
2014-09-08 02:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-09-07 23:09 - 2014-09-07 23:08 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-07 23:08 - 2014-09-07 23:08 - 00000000 ____D () C:\Users\NANA\AppData\Roaming\QuickScan
2014-09-07 23:06 - 2014-09-07 23:06 - 00328024 _____ () C:\Users\NANA\Downloads\BullGuardDownloaderBPP_uksem30bpp.exe
2014-09-07 20:15 - 2013-06-23 23:42 - 00000000 ____D () C:\Users\Papa
2014-09-07 16:02 - 2012-08-02 04:40 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2839386701-1324129299-1537049521-1000Core.job
2014-09-07 15:29 - 2014-08-20 08:24 - 00000000 ____D () C:\Program Files (x86)\Win Application
2014-09-07 09:13 - 2012-01-15 00:08 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2839386701-1324129299-1537049521-1000Core.job
2014-09-07 04:07 - 2012-03-07 12:26 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-09-07 04:07 - 2012-03-07 12:21 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-07 03:56 - 2014-09-07 03:56 - 00000000 ____D () C:\Users\NANA\AppData\Roaming\AVAST Software
2014-09-07 03:56 - 2014-09-07 03:54 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-07 03:55 - 2014-09-07 03:55 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-07 03:55 - 2014-09-07 03:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-07 03:54 - 2014-09-07 03:54 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-07 03:54 - 2014-09-07 03:54 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-07 03:53 - 2014-09-07 03:54 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-07 03:53 - 2014-09-07 03:54 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-07 03:53 - 2014-09-07 03:54 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-07 03:53 - 2014-09-07 03:54 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-07 03:53 - 2014-09-07 03:54 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-07 03:53 - 2014-09-07 03:54 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-07 03:53 - 2014-09-07 03:54 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-07 03:53 - 2014-09-07 03:53 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-07 03:50 - 2014-09-07 03:50 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-07 03:50 - 2014-09-07 03:49 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-07 00:32 - 2014-09-07 00:32 - 00002301 _____ () C:\Users\NANA\Documents\live pc help files.txt
2014-09-07 00:19 - 2013-02-14 00:10 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-07 00:08 - 2014-08-20 08:24 - 00000000 ____D () C:\Program Files (x86)\Windows Optimizer
2014-09-07 00:07 - 2014-09-07 00:07 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-09-07 00:05 - 2014-09-06 21:55 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-07 00:04 - 2014-09-07 00:04 - 00044058 _____ () C:\Windows\system32\.crusader
2014-09-06 22:17 - 2014-09-06 22:01 - 30517960 _____ (Microsoft Corporation) C:\Users\NANA\Downloads\windows-kb890830-x64-v5.15.exe
2014-09-06 21:54 - 2014-09-06 21:47 - 11194928 _____ (SurfRight B.V.) C:\Users\NANA\Downloads\HitmanPro_x64.exe
2014-09-06 21:46 - 2014-09-06 21:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\NANA\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-09-04 20:21 - 2013-11-18 21:45 - 00001317 _____ () C:\Users\NANA\Desktop\ROBLOX Player.lnk
2014-09-04 20:21 - 2013-11-18 21:45 - 00001136 _____ () C:\Users\NANA\Desktop\ROBLOX Studio 2013.lnk
2014-09-04 20:21 - 2013-11-18 21:45 - 00000000 ____D () C:\Users\NANA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-09-04 12:39 - 2012-02-04 03:40 - 00017002 _____ () C:\Users\NANA\Documents\bills paid.txt
2014-09-04 07:59 - 2012-01-15 00:09 - 00002329 _____ () C:\Users\NANA\Desktop\Google Chrome.lnk
2014-09-03 18:32 - 2012-01-08 00:11 - 00000000 ____D () C:\Users\NANA\AppData\Local\VirtualStore
2014-09-03 17:29 - 2014-08-25 10:36 - 00000000 ____D () C:\ProgramData\SparkTrust
2014-09-03 17:07 - 2014-09-03 17:07 - 06764848 _____ (SparkTrust) C:\Users\NANA\Downloads\SparkTrust PC Cleaner Plus Setup_d79a236_.exe
2014-09-03 15:56 - 2012-09-06 21:05 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-03 15:56 - 2012-09-06 21:05 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-03 15:55 - 2014-09-03 15:54 - 04901352 _____ (Piriform Ltd) C:\Users\NANA\Downloads\ccsetup417.exe
2014-09-03 12:11 - 2014-09-03 12:11 - 00185249 _____ () C:\Users\NANA\AppData\Local\census.cache
2014-09-03 12:10 - 2014-09-03 12:10 - 00093711 _____ () C:\Users\NANA\AppData\Local\ars.cache
2014-09-03 11:55 - 2014-09-03 11:55 - 02002376 _____ (Trend Micro Inc.) C:\Users\NANA\Downloads\HousecallLauncher (1).exe
2014-09-03 11:51 - 2014-09-03 11:51 - 00000036 _____ () C:\Users\NANA\AppData\Local\housecall.guid.cache
2014-09-03 11:50 - 2014-09-03 11:50 - 02002376 _____ (Trend Micro Inc.) C:\Users\NANA\Downloads\HousecallLauncher.exe
2014-09-03 11:46 - 2014-09-03 11:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\NANA\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-09-03 11:18 - 2014-09-03 11:18 - 00001070 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 11:18 - 2014-09-03 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 11:18 - 2014-09-03 11:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-03 11:17 - 2014-09-03 11:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\NANA\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-31 21:34 - 2014-08-31 21:34 - 01133247 _____ () C:\Users\NANA\Downloads\Shelby Linn Anderson.htm
2014-08-31 21:34 - 2014-08-31 21:34 - 00000000 ____D () C:\Users\NANA\Downloads\Shelby Linn Anderson_files
2014-08-31 15:23 - 2014-08-31 15:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\NANA\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-31 15:11 - 2014-08-31 15:11 - 00000607 _____ () C:\Users\NANA\Documents\help.txt
2014-08-29 18:30 - 2014-03-03 11:01 - 00000411 _____ () C:\Users\NANA\Documents\mikes bill.txt
2014-08-28 06:56 - 2009-07-14 01:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-28 06:56 - 2009-07-14 00:45 - 00263640 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 21:18 - 2012-09-16 19:22 - 00000000 ____D () C:\Users\NANA\AppData\Roaming\Skype
2014-08-26 14:24 - 2014-08-26 11:35 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-08-26 11:34 - 2014-08-26 11:34 - 13829304 _____ (Microsoft Corporation) C:\Users\NANA\Downloads\mseinstall.exe
2014-08-26 10:54 - 2014-08-26 10:54 - 00002644 _____ () C:\Users\NANA\Documents\pc live removal.txt
2014-08-26 10:53 - 2014-08-26 10:38 - 00000000 ____D () C:\ProgramData\MyTurboPC.com
2014-08-26 10:38 - 2014-08-26 10:38 - 00000000 ____D () C:\Users\NANA\AppData\Roaming\MyTurboPC.com
2014-08-25 10:36 - 2014-08-25 10:36 - 00000000 ____D () C:\Users\NANA\AppData\Roaming\SparkTrust
2014-08-25 10:31 - 2014-08-25 09:14 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-25 09:16 - 2014-08-25 09:16 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-25 09:16 - 2014-08-25 09:16 - 00000000 _____ () C:\autoexec.bat
2014-08-25 07:02 - 2014-08-20 08:24 - 00000000 ____D () C:\ProgramData\Optimizer
2014-08-25 06:53 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 11:05 - 2014-08-23 11:05 - 00000000 ____D () C:\Users\NANA\AppData\Local\{FB6494DF-9E52-4699-968F-E3B3F8DE3F52}
2014-08-22 22:07 - 2014-08-27 19:43 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-27 19:43 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-27 19:43 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 13:33 - 2014-08-20 08:24 - 00000000 ____D () C:\Program Files (x86)\Windows Movie Maker
2014-08-22 08:27 - 2014-07-20 18:37 - 00004059 _____ () C:\Users\NANA\Documents\letter to tiffy.txt
2014-08-21 08:33 - 2014-08-21 08:33 - 00000000 _____ () C:\Windows\SysWOW64\shoA193.tmp
2014-08-21 08:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Cursors
2014-08-21 08:14 - 2013-11-04 10:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 03:54 - 2014-08-21 03:54 - 00001045 _____ () C:\Users\NANA\Documents\Root Beer Float Pop.txt
2014-08-21 03:40 - 2014-08-21 03:40 - 00000175 _____ () C:\Users\NANA\Documents\fudge sickles.txt
2014-08-21 03:38 - 2014-08-21 03:38 - 00000402 _____ () C:\Users\NANA\Documents\CRANBERRY JELLO SALAD.txt
2014-08-20 08:28 - 2014-08-20 08:28 - 00001144 _____ () C:\Users\NANA\Desktop\Live PC Help.lnk
2014-08-20 08:28 - 2014-08-20 08:23 - 00000000 ____D () C:\Users\NANA\AppData\Roaming\systweak
2014-08-20 08:24 - 2014-08-20 08:24 - 00001067 _____ () C:\Users\Public\Desktop\Windows Movie Maker.lnk
2014-08-20 08:24 - 2014-08-20 08:24 - 00000000 ____D () C:\Users\NANA\AppData\Roaming\solidloader
2014-08-20 08:24 - 2014-08-20 08:24 - 00000000 ____D () C:\Users\NANA\AppData\Local\WMTools Downloaded Files
2014-08-20 08:24 - 2014-08-20 08:24 - 00000000 ____D () C:\ProgramData\WinApplication
2014-08-20 08:24 - 2014-08-20 08:24 - 00000000 ____D () C:\ProgramData\SolidLoader
2014-08-20 08:24 - 2014-08-20 08:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker
2014-08-20 08:24 - 2013-08-06 19:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-20 08:18 - 2014-08-20 08:17 - 08343216 _____ (win-movie-maker-free ) C:\Users\NANA\Downloads\windows-movie-maker-free.exe
2014-08-18 07:52 - 2014-08-18 07:52 - 00000000 ____D () C:\SUPERDelete
2014-08-17 19:48 - 2012-02-02 00:07 - 00000000 ____D () C:\Users\NANA\AppData\Roaming\HpUpdate
2014-08-13 01:16 - 2014-05-06 18:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-12 23:29 - 2013-08-14 01:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-12 15:29 - 2012-01-13 16:45 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-12 04:30 - 2014-08-12 04:28 - 00000349 _____ () C:\Users\NANA\Documents\pain dr.txt
2014-08-12 03:24 - 2014-08-12 03:24 - 00918440 _____ (Oracle Corporation) C:\Users\NANA\Downloads\chromeinstall-7u67.exe
2014-08-12 03:24 - 2014-08-12 03:24 - 00918440 _____ (Oracle Corporation) C:\Users\NANA\Downloads\chromeinstall-7u67 (1).exe
2014-08-12 03:23 - 2013-10-18 07:59 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-12 03:22 - 2014-08-12 03:23 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-12 03:22 - 2014-08-12 03:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-12 03:22 - 2014-08-12 03:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-12 03:22 - 2014-08-12 03:22 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-12 03:22 - 2014-08-12 03:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-11 02:16 - 2014-08-11 02:16 - 00000060 _____ () C:\Users\NANA\Documents\crash victims.txt
2014-08-09 19:43 - 2013-12-31 19:04 - 00000346 _____ () C:\Users\NANA\Documents\dawns bill.txt

Files to move or delete:
====================
C:\ProgramData\pclunst.exe

Some content of TEMP:
====================
C:\Users\NANA\AppData\Local\Temp\BullGuard Premium Protection Setup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-08 02:11

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by NANA at 2014-09-08 08:37:15
Running from C:\Users\NANA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RD2L9Q4Q
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0517.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
BearShare (HKLM-x32\...\BearShare) (Version: 12.0.0.134600 - Musiclab, LLC)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.2 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DIRECTV Player (HKLM-x32\...\{C199DEA2-657E-46C2-9FDB-7C1C068B6B35}) (Version: 5.2 - DIRECTV)
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.0.8 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.0.8 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM-x32\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP Deskjet 3510 series Product Improvement Study (HKLM\...\{791D3241-C6A4-417F-82E6-00543B6E5012}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Product Detection (HKLM-x32\...\{AF5D2519-C6B4-4AFD-9A8D-FBF74DD4F0A0}) (Version: 11.15.0004 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
IHA_MessageCenter (HKLM-x32\...\{834265C4-CDF4-44D3-BD24-31531617EFB8}) (Version: 1.8.70 - Verizon)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.5.8763 - Barnesandnoble.com)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9002 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) Hidden
Paint Shop Pro 6.0 (CD-ROM) (HKLM-x32\...\Paint Shop Pro 6.0) (Version:  - )
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6314 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
ROBLOX Player for NANA (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio 2013 for NANA (HKCU\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
Verizon Download Manager (HKLM-x32\...\{E80D12A4-71F5-49E6-9598-6ADB0DBC7AE8}) (Version: 47 - SupportSoft)
Verizon Toolbar (HKLM-x32\...\verizontb) (Version: 6.0.0.33 - Verizon and Visicom Media Inc.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.63.0 - Verizon)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Movie Maker 6.1 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2winmovie}}_is1) (Version:  - win-movie-maker-free)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2839386701-1324129299-1537049521-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\NANA\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2839386701-1324129299-1537049521-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\NANA\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2839386701-1324129299-1537049521-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\NANA\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2839386701-1324129299-1537049521-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\NANA\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

28-08-2014 01:36:09 Windows Update
01-09-2014 00:03:22 Windows Backup
03-09-2014 21:31:35 Windows Update
07-09-2014 04:02:51 Checkpoint by HitmanPro
07-09-2014 04:04:41 Checkpoint by HitmanPro
07-09-2014 07:27:40 Removed AVG 2014
07-09-2014 07:29:57 Removed AVG 2014
07-09-2014 07:50:07 avast! antivirus system restore point
08-09-2014 00:15:43 Windows Backup
08-09-2014 03:08:12 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
08-09-2014 03:09:10 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
08-09-2014 11:35:47 Windows Modules Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0F92778B-3573-42A6-B986-D29137C760F2} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {1958F64D-EE46-4F0B-8B00-ECA9E3D5F675} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {1A6B3A1A-82D6-4B05-947F-0E7888483A60} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {22B0CF53-1999-424F-A651-68C8639CA0A0} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {22BF2438-113D-4812-BF45-D567838CE167} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2839386701-1324129299-1537049521-1000Core => C:\Users\NANA\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-29] (Facebook Inc.)
Task: {39959B23-5E71-4D73-B02B-4FA6BB7E1600} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29] (Google Inc.)
Task: {3C579924-0AE5-4C00-A012-3A4E0DB515C5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2839386701-1324129299-1537049521-1000UA => C:\Users\NANA\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-15] (Google Inc.)
Task: {3E6D50F7-48DB-4704-BE26-58F4375A98E8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {538518E9-C72B-445E-9103-635BC862E11B} - System32\Tasks\HPCustParticipation HP Deskjet 3510 series => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {65083E3D-2EE9-40E1-889A-2217FE5ADB88} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {703557E4-F82B-4AF3-92AD-9F3BE3F19BC7} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {8C2C1B53-0FFE-4F0A-B98A-C8BDF824EE7E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {AA5F8D3E-E88D-4C0A-88F2-4ECD3A87B078} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-07] (AVAST Software)
Task: {B5C52499-C9B9-498C-B697-B727F46756CB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2839386701-1324129299-1537049521-1000UA => C:\Users\NANA\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-29] (Facebook Inc.)
Task: {B6F279DF-8D0B-4F19-9044-8CD960CD8350} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {BA56A527-1653-4A70-A217-9AC1673E23B2} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {C568D6A8-FD7C-4F69-AA18-1F520AC14C0B} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-02-21] ()
Task: {C58EBA30-4A98-48C9-A60C-5F030A193E11} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29] (Google Inc.)
Task: {CB442FD1-E41D-46AD-95D2-11303CE5267B} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {D23641D3-217A-4344-9569-3C00342E3635} - System32\Tasks\hpUrlLauncher.exe_{3151B468-C044-4BE9-858D-3D9E5339017E} => C:\Program Files\HP\hp deskjet 3050a j611 series\bin\utils\hpUrlLauncher.exe
Task: {EACC0788-763E-4619-B5DE-C40691A54B9F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2839386701-1324129299-1537049521-1000Core => C:\Users\NANA\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-15] (Google Inc.)
Task: {F1FA1471-049C-419D-9E7B-9917C095608F} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {F4066C44-3438-4079-B5E3-6E25CF84A262} - System32\Tasks\hpUrlLauncher.exe_{ABC2618A-490D-4C18-A022-9951EBF58216} => C:\Program Files\HP\hp deskjet 3050a j611 series\bin\utils\hpUrlLauncher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2839386701-1324129299-1537049521-1000Core.job => C:\Users\NANA\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2839386701-1324129299-1537049521-1000UA.job => C:\Users\NANA\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2839386701-1324129299-1537049521-1000Core.job => C:\Users\NANA\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2839386701-1324129299-1537049521-1000UA.job => C:\Users\NANA\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-09-07 03:53 - 2014-09-07 03:53 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-08 03:09 - 2014-09-08 03:09 - 02845184 _____ () C:\Program Files\AVAST Software\Avast\defs\14090800\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-23 21:29 - 2011-04-23 21:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-23 21:29 - 2011-04-23 21:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-23 21:29 - 2011-04-23 21:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2014-08-13 15:30 - 2014-08-13 15:30 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e28fdf645d0ce4b58b0ee3352e1de34c\IsdiInterop.ni.dll
2011-10-26 07:09 - 2010-04-13 12:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-09-07 03:53 - 2014-09-07 03:53 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-08-24 22:03 - 2011-08-24 22:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2014-09-04 07:59 - 2014-08-29 22:49 - 01098056 _____ () C:\Users\NANA\AppData\Local\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-04 07:59 - 2014-08-29 22:49 - 00174408 _____ () C:\Users\NANA\AppData\Local\Google\Chrome\Application\37.0.2062.103\libegl.dll
2014-09-04 07:59 - 2014-08-29 22:49 - 08577864 _____ () C:\Users\NANA\AppData\Local\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-04 07:59 - 2014-08-29 22:49 - 00331592 _____ () C:\Users\NANA\AppData\Local\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-04 07:59 - 2014-08-29 22:49 - 01660232 _____ () C:\Users\NANA\AppData\Local\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\CN3391PG0S05R7:NW

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/08/2014 07:41:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/08/2014 07:36:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary NovaShieldTDIDriver.

System Error:
The system cannot find the file specified.
.

Error: (09/08/2014 07:36:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary NovaShieldFilterDriver.

System Error:
The system cannot find the file specified.
.

Error: (09/08/2014 07:00:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/07/2014 10:37:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6142180

Error: (09/07/2014 10:37:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6142180

Error: (09/07/2014 10:37:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/07/2014 10:37:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6140854

Error: (09/07/2014 10:37:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6140854

Error: (09/07/2014 10:37:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (09/08/2014 06:57:30 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UNS service.

Error: (09/07/2014 06:46:59 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:12:30 AM on ‎9/‎7/‎2014 was unexpected.

Error: (09/07/2014 04:11:29 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.

Error: (09/07/2014 04:10:59 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinHttpAutoProxySvc service.

Error: (09/07/2014 04:10:53 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4991D34B-80A1-4291-83B6-3328366B9097}

Error: (09/07/2014 04:08:00 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:04:38 AM on ‎9/‎7/‎2014 was unexpected.

Error: (09/07/2014 04:05:56 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (09/07/2014 04:05:26 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (09/07/2014 04:04:31 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.

Error: (09/07/2014 00:15:31 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
Avgdiska
AVGIDSDriver
Avgldx64
Avgtdia
DfsC
discache
mwlPSDFilter
mwlPSDNServ
mwlPSDVDisk
NetBIOS
NetBT
nsiproxy
Psched
rdbss
SASDIFSV
SASKUTIL
spldr
tdx
vwififlt
Wanarpv6
WfpLwf

Microsoft Office Sessions:
=========================
Error: (09/08/2014 07:41:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/08/2014 07:36:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary NovaShieldTDIDriver.

System Error:
The system cannot find the file specified.

Error: (09/08/2014 07:36:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary NovaShieldFilterDriver.

System Error:
The system cannot find the file specified.

Error: (09/08/2014 07:00:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/07/2014 10:37:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6142180

Error: (09/07/2014 10:37:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6142180

Error: (09/07/2014 10:37:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/07/2014 10:37:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6140854

Error: (09/07/2014 10:37:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6140854

Error: (09/07/2014 10:37:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

==================== Memory info ===========================

Processor: Intel® Pentium® CPU P6200 @ 2.13GHz
Percentage of memory in use: 69%
Total physical RAM: 3766.7 MB
Available physical RAM: 1161.95 MB
Total Pagefile: 7531.59 MB
Available Pagefile: 5211.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:447.66 GB) (Free:387.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 81959B62)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=447.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 


Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.


GMER 2.1.19357 - http://www.gmer.net

Rootkit scan 2014-09-08 16:57:03

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GN00 465.76GB

Running: 0i38sg7l.exe; Driver: C:\Users\NANA\AppData\Local\Temp\kwldqpow.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003207000 45 bytes [01, 00, 00, 00, 00, 00, 00, ...]

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff8000320702f 16 bytes [00, 01, E0, DD, 15, A0, F8, ...]

---- User code sections - GMER 2.1 ----

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000147de0460

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000147de0450

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000147de0370

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000147de0470

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000147de03e0

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000147de0320

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000147de03b0

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000147de0390

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000147de02e0

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000147de02d0

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000147de0310

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000147de03c0

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000147de03f0

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000147de0230

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000147de0480

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000147de03a0

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000147de02f0

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000147de0350

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000147de0290

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000147de02b0

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000147de03d0

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000147de0330

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000147de0410

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000147de0240

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000147de01e0

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000147de0250

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000147de0490

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000147de04a0

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000147de0300

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000147de0360

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000147de02a0

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000147de02c0

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000147de0380

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000147de0340

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000147de0440

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000147de0260

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000147de0270

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000147de0400

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000147de01f0

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000147de0210

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000147de0200

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000147de0420

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000147de0430

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000147de0220

.text C:\Windows\System32\smss.exe[348] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000147de0280

.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000149c90460

.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000149c90450

.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000149c90370

.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000149c90470

.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000149c903e0

.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000149c90320

.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000149c903b0

.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000149c90390

.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000149c902e0

.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000149c902d0

.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000149c90310

.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000149c903c0

.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000149c903f0

.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000149c90230

.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000149c90480

.text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000149c903a0


.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280

.text C:\Windows\system32\winlogon.exe[716] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a1ef8d 1 byte [62]

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220

.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280

.text C:\Windows\system32\svchost.exe[788] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a1ef8d 1 byte [62]

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220

.text C:\Windows\system32\svchost.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280

.text C:\Windows\system32\svchost.exe[884] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a1ef8d 1 byte [62]

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280

.text C:\Windows\System32\svchost.exe[1020] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a1ef8d 1 byte [62]

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220

.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280

.text C:\Windows\System32\svchost.exe[464] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a1ef8d 1 byte [62]

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220

.text C:\Windows\system32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280

.text C:\Windows\system32\svchost.exe[504] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a1ef8d 1 byte [62]

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220

.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280

.text C:\Windows\system32\svchost.exe[688] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a1ef8d 1 byte [62]

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280

.text C:\Windows\system32\svchost.exe[1236] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a1ef8d 1 byte [62]

.text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460

.text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450

.text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370

.text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470

.text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0

.text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320

.text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0

.text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390

.text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0

.text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0

.text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310

.text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0

.text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0

.text C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!


NtAddBootEntry                                                                                                                                                                                    0000000077b31940 5 bytes JMP 0000000077c90230
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                                         0000000077b31b00 5 bytes JMP 0000000077c90480
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                                        0000000077b31b30 5 bytes JMP 0000000077c903a0
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                                                 0000000077b31c10 5 bytes JMP 0000000077c902f0
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                                              0000000077b31c20 5 bytes JMP 0000000077c90350
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                                                    0000000077b31c80 5 bytes JMP 0000000077c90290
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                                 0000000077b31d10 5 bytes JMP 0000000077c902b0
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                                  0000000077b31d30 5 bytes JMP 0000000077c903d0
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                                                     0000000077b31d40 5 bytes JMP 0000000077c90330
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                                              0000000077b31db0 5 bytes JMP 0000000077c90410
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                                 0000000077b31de0 5 bytes JMP 0000000077c90240
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                                      0000000077b320a0 5 bytes JMP 0000000077c901e0
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                                 0000000077b32160 5 bytes JMP 0000000077c90250
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                                 0000000077b32190 5 bytes JMP 0000000077c90490
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                                        0000000077b321a0 5 bytes JMP 0000000077c904a0
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                                                   0000000077b321d0 5 bytes JMP 0000000077c90300
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                                0000000077b321e0 5 bytes JMP 0000000077c90360
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                                                      0000000077b32240 5 bytes JMP 0000000077c902a0
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                                   0000000077b32290 5 bytes JMP 0000000077c902c0
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                                      0000000077b322c0 5 bytes JMP 0000000077c90380
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                                       0000000077b322d0 5 bytes JMP 0000000077c90340
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                                                0000000077b325c0 5 bytes JMP 0000000077c90440
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                               0000000077b327c0 5 bytes JMP 0000000077c90260
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                                                  0000000077b327d0 5 bytes JMP 0000000077c90270
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                                0000000077b327e0 5 bytes JMP 0000000077c90400
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                                            0000000077b329a0 5 bytes JMP 0000000077c901f0
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                                             0000000077b329b0 5 bytes JMP 0000000077c90210
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                                                  0000000077b32a20 5 bytes JMP 0000000077c90200
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                                                  0000000077b32a80 5 bytes JMP 0000000077c90420
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                                                   0000000077b32a90 5 bytes JMP 0000000077c90430
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                                              0000000077b32aa0 5 bytes JMP 0000000077c90220
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                                      0000000077b32b80 5 bytes JMP 0000000077c90280
.text     C:\Windows\System32\spoolsv.exe[1516] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                           0000000077a1ef8d 1 byte [62]
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                                            0000000077b31360 5 bytes JMP 0000000077c90460
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                                                     0000000077b313b0 5 bytes JMP 0000000077c90450
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                                     0000000077b31510 5 bytes JMP 0000000077c90370
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                                          0000000077b31560 5 bytes JMP 0000000077c90470
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                                                0000000077b31570 5 bytes JMP 0000000077c903e0
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                                     0000000077b31620 5 bytes JMP 0000000077c90320
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                              0000000077b31650 5 bytes JMP 0000000077c903b0
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                                                 0000000077b31670 5 bytes JMP 0000000077c90390
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                                       0000000077b316b0 5 bytes JMP 0000000077c902e0
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                                                     0000000077b31730 5 bytes JMP 0000000077c902d0
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                                                   0000000077b31750 5 bytes JMP 0000000077c90310
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                                                    0000000077b31790 5 bytes JMP 0000000077c903c0
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                                                 0000000077b317e0 5 bytes JMP 0000000077c903f0
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                                                    0000000077b31940 5 bytes JMP 0000000077c90230
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                                         0000000077b31b00 5 bytes JMP 0000000077c90480
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                                        0000000077b31b30 5 bytes JMP 0000000077c903a0
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                                                 0000000077b31c10 5 bytes JMP 0000000077c902f0
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                                              0000000077b31c20 5 bytes JMP 0000000077c90350
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                                                    0000000077b31c80 5 bytes JMP 0000000077c90290
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                                 0000000077b31d10 5 bytes JMP 0000000077c902b0
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                                  0000000077b31d30 5 bytes JMP 0000000077c903d0
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                                                     0000000077b31d40 5 bytes JMP 0000000077c90330
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                                              0000000077b31db0 5 bytes JMP 0000000077c90410
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                                 0000000077b31de0 5 bytes JMP 0000000077c90240
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                                      0000000077b320a0 5 bytes JMP 0000000077c901e0
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                                 0000000077b32160 5 bytes JMP 0000000077c90250
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                                 0000000077b32190 5 bytes JMP 0000000077c90490
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                                        0000000077b321a0 5 bytes JMP 0000000077c904a0
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                                                   0000000077b321d0 5 bytes JMP 0000000077c90300
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                                0000000077b321e0 5 bytes JMP 0000000077c90360
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                                                      0000000077b32240 5 bytes JMP 0000000077c902a0
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                                   0000000077b32290 5 bytes JMP 0000000077c902c0
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                                      0000000077b322c0 5 bytes JMP 0000000077c90380
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                                       0000000077b322d0 5 bytes JMP 0000000077c90340
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                                                0000000077b325c0 5 bytes JMP 0000000077c90440
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                               0000000077b327c0 5 bytes JMP 0000000077c90260
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                                                  0000000077b327d0 5 bytes JMP 0000000077c90270
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                                0000000077b327e0 5 bytes JMP 0000000077c90400
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                                            0000000077b329a0 5 bytes JMP 0000000077c901f0
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                                             0000000077b329b0 5 bytes JMP 0000000077c90210
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                                                  0000000077b32a20 5 bytes JMP 0000000077c90200
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                                                  0000000077b32a80 5 bytes JMP 0000000077c90420
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                                                   0000000077b32a90 5 bytes JMP 0000000077c90430
.text     C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                                             

0000000077b32aa0 5 bytes JMP 0000000077c90220

.text C:\Windows\system32\svchost.exe[1556] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280

.text C:\Windows\system32\svchost.exe[1556] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a1ef8d 1 byte [62]

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000100070460

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000100070450

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000100070370

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000100070470

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 00000001000703e0

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000100070320

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 00000001000703b0

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000100070390

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 00000001000702e0

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 00000001000702d0

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000100070310

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 00000001000703c0

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 00000001000703f0

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000100070230

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000100070480

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 00000001000703a0

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 00000001000702f0

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000100070350

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000100070290

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 00000001000702b0

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 00000001000703d0

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000100070330

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000100070410

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000100070240

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 00000001000701e0

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000100070250

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000100070490

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 00000001000704a0

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000100070300

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000100070360

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 00000001000702a0

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 00000001000702c0

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000100070380

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000100070340

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000100070440

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000100070260

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000100070270

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000100070400

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 00000001000701f0

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000100070210

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000100070200

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000100070420

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000100070430

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000100070220

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000100070280

.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1660] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a1ef8d 1 byte [62]

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000100270460

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000100270450

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000100270370

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000100270470

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 00000001002703e0

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000100270320

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 00000001002703b0

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000100270390

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 00000001002702e0

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 00000001002702d0

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000100270310

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 00000001002703c0

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 00000001002703f0

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000100270230

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000100270480

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 00000001002703a0

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 00000001002702f0

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000100270350

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000100270290

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 00000001002702b0

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 00000001002703d0

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000100270330

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000100270410

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000100270240

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 00000001002701e0

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000100270250

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000100270490

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 00000001002704a0

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000100270300

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000100270360

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 00000001002702a0

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 00000001002702c0

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000100270380

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000100270340

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000100270440

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000100270260

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000100270270

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000100270400

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 00000001002701f0

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000100270210

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000100270200

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000100270420

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000100270430

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000100270220

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000100270280

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007765a2fd 1 byte [62]

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0

.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                          0000000077b322d0 5 bytes JMP 0000000077c90340
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                   0000000077b325c0 5 bytes JMP 0000000077c90440
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                  0000000077b327c0 5 bytes JMP 0000000077c90260
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                     0000000077b327d0 5 bytes JMP 0000000077c90270
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                   0000000077b327e0 5 bytes JMP 0000000077c90400

.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                               0000000077b329a0 5 bytes JMP 0000000077c901f0
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                0000000077b329b0 5 bytes JMP 0000000077c90210
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                     0000000077b32a20 5 bytes JMP 0000000077c90200
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                     0000000077b32a80 5 bytes JMP 0000000077c90420
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                      0000000077b32a90 5 bytes JMP 0000000077c90430
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                 0000000077b32aa0 5 bytes JMP 0000000077c90220
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                         0000000077b32b80 5 bytes JMP 0000000077c90280
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1716] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                              000000007765a2fd 1 byte [62]
.text     C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                                 0000000077b31360 5 bytes JMP 0000000077c90460
.text     C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                                          0000000077b313b0 5 bytes JMP 0000000077c90450
.text     C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                          0000000077b31510 5 bytes JMP 0000000077c90370
.text     C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                               0000000077b31560 5 bytes JMP 0000000077c90470
.text     C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                                     0000000077b31570 5 bytes JMP 0000000077c903e0
.text     C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                          0000000077b31620 5 bytes JMP 0000000077c90320
.text     C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                   0000000077b31650 5 bytes JMP 0000000077c903b0
.text     C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                                      0000000077b31670 5 bytes JMP 0000000077c90390
.text     C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                            0000000077b316b0 5 bytes JMP 0000000077c902e0
.text     C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                                          0000000077b31730 5 bytes JMP 0000000077c902d0
.text     C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                                        0000000077b31750 5 bytes JMP 0000000077c90310
.text     C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                                         0000000077b31790 5 bytes JMP 0000000077c903c0
.text     C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                                      0000000077b317e0 5 bytes JMP 0000000077c903f0
.text     C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                                         0000000077b31940 5 bytes JMP 0000000077c90230
.text     C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                              0000000077b31b00 5 bytes JMP 0000000077c90480
.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0

.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0

.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350

.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290

.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0

.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0

.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330

.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410

.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240

.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0

.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250

.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490

.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0

.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300

.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360

.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0

.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0

.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380

.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340

.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440

.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260

.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270

.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400

.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0

.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210

.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200

.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420

.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430

.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220

.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280

.text C:\Program Files\Bonjour\mDNSResponder.exe[1776] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a1ef8d 1 byte [62]

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000100090460

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000100090450

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000100090370

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000100090470

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 00000001000903e0

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000100090320

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 00000001000903b0

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000100090390

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 00000001000902e0

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 00000001000902d0

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000100090310

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 00000001000903c0

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 00000001000903f0

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000100090230

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000100090480

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 00000001000903a0

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 00000001000902f0

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000100090350

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000100090290

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 00000001000902b0

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 00000001000903d0

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000100090330

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000100090410

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000100090240

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 00000001000901e0

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000100090250

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000100090490

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 00000001000904a0

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000100090300

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000100090360

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 00000001000902a0

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 00000001000902c0

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000100090380

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000100090340

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000100090440

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000100090260

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000100090270

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000100090400

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 00000001000901f0

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000100090210

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000100090200

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000100090420

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000100090430

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000100090220

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000100090280

.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1812] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007765a2fd 1 byte [62]

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280

.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1860] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a1ef8d 1 byte [62]

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000100090460

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000100090450

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000100090370

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000100090470

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 00000001000903e0

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000100090320

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 00000001000903b0

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000100090390

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 00000001000902e0

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 00000001000902d0

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000100090310

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 00000001000903c0

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 00000001000903f0

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000100090230

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000100090480

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 00000001000903a0

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 00000001000902f0

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000100090350

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000100090290

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 00000001000902b0

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 00000001000903d0

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000100090330

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000100090410

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000100090240

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 00000001000901e0

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000100090250

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000100090490

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 00000001000904a0

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000100090300

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000100090360

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 00000001000902a0

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 00000001000902c0

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000100090380

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000100090340

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000100090440

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000100090260

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000100090270

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000100090400

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 00000001000901f0

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000100090210

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000100090200

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000100090420

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000100090430

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000100090220

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000100090280

.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1872] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007765a2fd 1 byte [62]

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280

.text C:\Windows\system32\svchost.exe[1896] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a1ef8d 1 byte [62]

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000100230460

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000100230450

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000100230370

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000100230470

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 00000001002303e0

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000100230320

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 00000001002303b0

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000100230390

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 00000001002302e0

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 00000001002302d0

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000100230310

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 00000001002303c0

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 00000001002303f0

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000100230230

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000100230480

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 00000001002303a0

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 00000001002302f0

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000100230350

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000100230290

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 00000001002302b0

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 00000001002303d0

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000100230330

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000100230410

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000100230240

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 00000001002301e0

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000100230250

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000100230490

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 00000001002304a0

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000100230300

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000100230360

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 00000001002302a0

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 00000001002302c0

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000100230380

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000100230340

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000100230440

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000100230260

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000100230270

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000100230400

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 00000001002301f0

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000100230210

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000100230200

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000100230420

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000100230430

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000100230220

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000100230280

.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1924] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007765a2fd 1 byte [62]

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280

.text C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe[1964] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000077a1ef8d 1 byte [62]

.text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 00000001000a0460

.text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 00000001000a0450

.text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 00000001000a0370

.text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 00000001000a0470

.text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 00000001000a03e0

.text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 00000001000a0320

.text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 00000001000a03b0

.text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 00000001000a0390

.text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 00000001000a02e0

.text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 00000001000a02d0

.text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 00000001000a0310

.text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 00000001000a03c0

.text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 00000001000a03f0

.text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 00000001000a0230

.text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort


.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                             0000000077b32a90 5 bytes JMP 00000001000a0430
.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                        0000000077b32aa0 5 bytes JMP 00000001000a0220
.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                0000000077b32b80 5 bytes JMP 00000001000a0280
.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                                     000000007765a2fd 1 byte [62]
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                             0000000077b31360 5 bytes JMP 0000000077c90460
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                      0000000077b313b0 5 bytes JMP 0000000077c90450
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                      0000000077b31510 5 bytes JMP 0000000077c90370
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                           0000000077b31560 5 bytes JMP 0000000077c90470
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                 0000000077b31570 5 bytes JMP 0000000077c903e0
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                      0000000077b31620 5 bytes JMP 0000000077c90320
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                               0000000077b31650 5 bytes JMP 0000000077c903b0
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                  0000000077b31670 5 bytes JMP 0000000077c90390
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                        0000000077b316b0 5 bytes JMP 0000000077c902e0
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                      0000000077b31730 5 bytes JMP 0000000077c902d0
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                    0000000077b31750 5 bytes JMP 0000000077c90310
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                     0000000077b31790 5 bytes JMP 0000000077c903c0
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                  0000000077b317e0 5 bytes JMP 0000000077c903f0
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                     0000000077b31940 5 bytes JMP 0000000077c90230
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                          0000000077b31b00 5 bytes JMP 0000000077c90480
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                         0000000077b31b30 5 bytes JMP 0000000077c903a0
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                  0000000077b31c10 5 bytes JMP 0000000077c902f0
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                               0000000077b31c20 5 bytes JMP 0000000077c90350
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                     0000000077b31c80 5 bytes JMP 0000000077c90290
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                  0000000077b31d10 5 bytes JMP 0000000077c902b0
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                   0000000077b31d30 5 bytes JMP 0000000077c903d0
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer
                                          0000000077b31d40 5 bytes JMP 0000000077c90330
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                               0000000077b31db0 5 bytes JMP 0000000077c90410
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                  0000000077b31de0 5 bytes JMP 0000000077c90240
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                       0000000077b320a0 5 bytes JMP 0000000077c901e0
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                  0000000077b32160 5 bytes JMP 0000000077c90250
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                  0000000077b32190 5 bytes JMP 0000000077c90490
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                         0000000077b321a0 5 bytes JMP 0000000077c904a0
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                    0000000077b321d0 5 bytes JMP 0000000077c90300
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                 0000000077b321e0 5 bytes JMP 0000000077c90360
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                       0000000077b32240 5 bytes JMP 0000000077c902a0
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                    0000000077b32290 5 bytes JMP 0000000077c902c0
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                       0000000077b322c0 5 bytes JMP 0000000077c90380
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                        0000000077b322d0 5 bytes JMP 0000000077c90340
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                 0000000077b325c0 5 bytes JMP 0000000077c90440
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                0000000077b327c0 5 bytes JMP 0000000077c90260
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                   0000000077b327d0 5 bytes JMP 0000000077c90270
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                 0000000077b327e0 5 bytes JMP 0000000077c90400
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                             0000000077b329a0 5 bytes JMP 0000000077c901f0
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                              0000000077b329b0 5 bytes JMP 0000000077c90210
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                   0000000077b32a20 5 bytes JMP 0000000077c90200
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                   0000000077b32a80 5 bytes JMP 0000000077c90420
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                    0000000077b32a90 5 bytes JMP 0000000077c90430
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                               0000000077b32aa0 5 bytes JMP 0000000077c90220
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                       0000000077b32b80 5 bytes JMP 0000000077c90280
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1260] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                            000000007765a2fd 1 byte [62]
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                         0000000077b31360 5 bytes JMP 0000000100090460
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                  0000000077b313b0 5 bytes JMP 0000000100090450
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                  0000000077b31510 5 bytes JMP 0000000100090370
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                       0000000077b31560 5 bytes JMP 0000000100090470
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                             0000000077b31570 5 bytes JMP 00000001000903e0
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                  0000000077b31620 5 bytes JMP 0000000100090320
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                           0000000077b31650 5 bytes JMP 00000001000903b0
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                              0000000077b31670 5 bytes JMP 0000000100090390
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                    0000000077b316b0 5 bytes JMP 00000001000902e0
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                  0000000077b31730 5 bytes JMP 00000001000902d0
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                0000000077b31750 5 bytes JMP 0000000100090310
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                 0000000077b31790 5 bytes JMP 00000001000903c0
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                              0000000077b317e0 5 bytes JMP 00000001000903f0
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                 0000000077b31940 5 bytes JMP 0000000100090230
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                      0000000077b31b00 5 bytes JMP 0000000100090480
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                     0000000077b31b30 5 bytes JMP 00000001000903a0
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                              0000000077b31c10 5 bytes JMP 00000001000902f0
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                           0000000077b31c20 5 bytes JMP 0000000100090350
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                 0000000077b31c80 5 bytes JMP 0000000100090290
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                              0000000077b31d10 5 bytes JMP 00000001000902b0
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                               0000000077b31d30 5 bytes JMP 00000001000903d0
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                  0000000077b31d40 5 bytes JMP 0000000100090330
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                           0000000077b31db0 5 bytes JMP 0000000100090410
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                              0000000077b31de0 5 bytes JMP 0000000100090240
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                   0000000077b320a0 5 bytes JMP 00000001000901e0
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                              0000000077b32160 5 bytes JMP 0000000100090250
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                              0000000077b32190 5 bytes JMP 0000000100090490
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                     0000000077b321a0 5 bytes JMP 00000001000904a0
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                0000000077b321d0 5 bytes JMP 0000000100090300
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion


0000000077b31c20 5 bytes JMP 0000000077c90350

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a1ef8d 1 byte [62]

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000100090460

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000100090450

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000100090370

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000100090470

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 00000001000903e0

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000100090320

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 00000001000903b0

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000100090390

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 00000001000902e0

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 00000001000902d0

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000100090310

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 00000001000903c0

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 00000001000903f0

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000100090230

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000100090480

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 00000001000903a0

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair


0000000077b31b00 5 bytes JMP 0000000077c90480

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c10 5 bytes JMP 00000001000902f0

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000100090350

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000100090290

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 00000001000902b0

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 00000001000903d0

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000100090330

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000100090410

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000100090240

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 00000001000901e0

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000100090250

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000100090490

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 00000001000904a0

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000100090300

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000100090360

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 00000001000902a0

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 00000001000902c0

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000100090380

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000100090340

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000100090440

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000100090260

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000100090270

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000100090400

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 00000001000901f0

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000100090210

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000100090200

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000100090420

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000100090430

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000100090220

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000100090280

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007765a2fd 1 byte [62]

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000778a1465 2 bytes [8A, 77]

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778a14bb 2 bytes [8A, 77]

.text ... * 2

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 00000001000d0460

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 00000001000d0450

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 00000001000d0370

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 00000001000d0470

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 00000001000d03e0

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 00000001000d0320

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 00000001000d03b0

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 00000001000d0390

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 00000001000d02e0

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 00000001000d02d0

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 00000001000d0310

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 00000001000d03c0

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 00000001000d03f0

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 00000001000d0230

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 00000001000d0480

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 00000001000d03a0

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 00000001000d02f0

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 00000001000d0350

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 00000001000d0290

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 00000001000d02b0

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 00000001000d03d0

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 00000001000d0330

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 00000001000d0410

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 00000001000d0240

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 00000001000d01e0

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 00000001000d0250

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 00000001000d0490

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 00000001000d04a0

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 00000001000d0300

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 00000001000d0360

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 00000001000d02a0

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 00000001000d02c0

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 00000001000d0380

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 00000001000d0340

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 00000001000d0440

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 00000001000d0260

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 00000001000d0270

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 00000001000d0400

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 00000001000d01f0

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 00000001000d0210

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 00000001000d0200

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 00000001000d0420

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 00000001000d0430

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 00000001000d0220

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 00000001000d0280

.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2308] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007765a2fd 1 byte [62]

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver


                                                 0000000077b31b00 5 bytes JMP 00000001000a0480
.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                  0000000077b31b30 5 bytes JMP 00000001000a03a0
.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                           0000000077b31c10 5 bytes JMP 00000001000a02f0
.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                        0000000077b31c20 5 bytes JMP 00000001000a0350
.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                              0000000077b31c80 5 bytes JMP 00000001000a0290
.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                           0000000077b31d10 5 bytes JMP 00000001000a02b0
.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                            0000000077b31d30 5 bytes JMP 00000001000a03d0
.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                               0000000077b31d40 5 bytes JMP 00000001000a0330
.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                        0000000077b31db0 5 bytes JMP 00000001000a0410
.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                           0000000077b31de0 5 bytes JMP 00000001000a0240
.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                0000000077b320a0 5 bytes JMP 00000001000a01e0
.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                           0000000077b32160 5 bytes JMP 00000001000a0250
.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                           0000000077b32190 5 bytes JMP 00000001000a0490
.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                  0000000077b321a0 5 bytes JMP 00000001000a04a0
.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                             0000000077b321d0 5 bytes JMP 00000001000a0300
.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                          0000000077b321e0 5 bytes JMP 00000001000a0360
.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                                0000000077b32240 5 bytes JMP 00000001000a02a0
.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                             0000000077b32290 5 bytes JMP 00000001000a02c0
.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                0000000077b322c0 5 bytes JMP 00000001000a0380
.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                 0000000077b322d0 5 bytes JMP 00000001000a0340
.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                          0000000077b325c0 5 bytes JMP 00000001000a0440
.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                         0000000077b327c0 5 bytes JMP 00000001000a0260
.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                            0000000077b327d0 5 bytes JMP 00000001000a0270
.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                          0000000077b327e0 5 bytes JMP 00000001000a0400
.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                      0000000077b329a0 5 bytes JMP 00000001000a01f0
.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                       0000000077b329b0 5 bytes JMP 00000001000a0210
.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                            0000000077b32a20 5 bytes JMP 00000001000a0200
.text     C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                            0000000077b32a80 5 bytes JMP 00000001000a0420
                                                                                                                                             0000000077b321e0 5 bytes JMP 0000000100090360
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                   0000000077b32240 5 bytes JMP 00000001000902a0
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                0000000077b32290 5 bytes JMP 00000001000902c0
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                   0000000077b322c0 5 bytes JMP 0000000100090380
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                    0000000077b322d0 5 bytes JMP 0000000100090340
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                             0000000077b325c0 5 bytes JMP 0000000100090440
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                            0000000077b327c0 5 bytes JMP 0000000100090260
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                               0000000077b327d0 5 bytes JMP 0000000100090270
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                             0000000077b327e0 5 bytes JMP 0000000100090400
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                         0000000077b329a0 5 bytes JMP 00000001000901f0
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                          0000000077b329b0 5 bytes JMP 0000000100090210
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                               0000000077b32a20 5 bytes JMP 0000000100090200
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                               0000000077b32a80 5 bytes JMP 0000000100090420
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                0000000077b32a90 5 bytes JMP 0000000100090430
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                           0000000077b32aa0 5 bytes JMP 0000000100090220
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                   0000000077b32b80 5 bytes JMP 0000000100090280
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1360] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                        000000007765a2fd 1 byte [62]
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1420] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                          000000007765a2fd 1 byte [62]
.text     C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                         0000000077b31360 5 bytes JMP 0000000077c90460
.text     C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                  0000000077b313b0 5 bytes JMP 0000000077c90450
.text     C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                  0000000077b31510 5 bytes JMP 0000000077c90370
.text     C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                       0000000077b31560 5 bytes JMP 0000000077c90470
.text     C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                             0000000077b31570 5 bytes JMP 0000000077c903e0
.text     C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                  0000000077b31620 5

Link to post
Share on other sites

bytes JMP 0000000077c90320

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230

.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b320a0 5 bytes JMP 0000000077c901e0

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b32a80 5 bytes JMP 0000000077c90420

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b32a90 5 bytes JMP 0000000077c90430

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b32aa0 5 bytes JMP 0000000077c90220

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b32b80 5 bytes JMP 0000000077c90280

.text C:\Windows\system32\svchost.exe[2392] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a1ef8d 1 byte [62]

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b31360 5 bytes JMP 0000000077c90460

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b313b0 5 bytes JMP 0000000077c90450

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b31510 5 bytes JMP 0000000077c90370

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b31560 5 bytes JMP 0000000077c90470

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b31570 5 bytes JMP 0000000077c903e0

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b31620 5 bytes JMP 0000000077c90320

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b31650 5 bytes JMP 0000000077c903b0

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b31670 5 bytes JMP 0000000077c90390

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b316b0 5 bytes JMP 0000000077c902e0

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b31730 5 bytes JMP 0000000077c902d0

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b31750 5 bytes JMP 0000000077c90310

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b31790 5 bytes JMP 0000000077c903c0

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b317e0 5 bytes JMP 0000000077c903f0

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b31940 5 bytes JMP 0000000077c90230

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b31b00 5 bytes JMP 0000000077c90480

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b31b30 5 bytes JMP 0000000077c903a0

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b31c10 5 bytes JMP 0000000077c902f0

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b31c20 5 bytes JMP 0000000077c90350

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b31c80 5 bytes JMP 0000000077c90290

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b31d10 5 bytes JMP 0000000077c902b0

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b31d30 5 bytes JMP 0000000077c903d0

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b31d40 5 bytes JMP 0000000077c90330

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b31db0 5 bytes JMP 0000000077c90410

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b31de0 5 bytes JMP 0000000077c90240

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b320a0 5 bytes JMP 0000000077c901e0

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b32160 5 bytes JMP 0000000077c90250

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b32190 5 bytes JMP 0000000077c90490

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b321a0 5 bytes JMP 0000000077c904a0

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b321d0 5 bytes JMP 0000000077c90300

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b321e0 5 bytes JMP 0000000077c90360

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b32240 5 bytes JMP 0000000077c902a0

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b32290 5 bytes JMP 0000000077c902c0

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b322c0 5 bytes JMP 0000000077c90380

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b322d0 5 bytes JMP 0000000077c90340

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b325c0 5 bytes JMP 0000000077c90440

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b327c0 5 bytes JMP 0000000077c90260

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b327d0 5 bytes JMP 0000000077c90270

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b327e0 5 bytes JMP 0000000077c90400

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b329a0 5 bytes JMP 0000000077c901f0

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b329b0 5 bytes JMP 0000000077c90210

.text C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b32a20 5 bytes JMP 0000000077c90200
.text     C:\Program Files (x86)\Windows Optimizer\optimizer.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                           0000000077b32a80 5 bytes JMP 0000000077c90420
.text     C:\Program Files (x86)\Windows Optimizer\optimizer.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                            0000000077b32a90 5 bytes JMP 0000000077c90430
.text     C:\Program Files (x86)\Windows Optimizer\optimizer.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                       0000000077b32aa0 5 bytes JMP 0000000077c90220
.text     C:\Program Files (x86)\Windows Optimizer\optimizer.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                               0000000077b32b80 5 bytes JMP 0000000077c90280
.text     C:\Program Files (x86)\Windows Optimizer\optimizer.exe[2616] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                                    000000007765a2fd 1 byte [62]
.text     C:\Program Files (x86)\Windows Optimizer\optimizer.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                                  00000000778a1465 2 bytes [8A, 77]
.text     C:\Program Files (x86)\Windows Optimizer\optimizer.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                                 00000000778a14bb 2 bytes [8A, 77]
.text     ...                                                                                                                                                                                                                                                                   * 2
.text     C:\Program Files (x86)\Win Application\applications.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                    0000000077b31360 5 bytes JMP 0000000077c90460
.text     C:\Program Files (x86)\Win Application\applications.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                             0000000077b313b0 5 bytes JMP 0000000077c90450
.text     C:\Program Files (x86)\Win Application\applications.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                             0000000077b31510 5 bytes JMP 0000000077c90370
.text     C:\Program Files (x86)\Win Application\applications.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                  0000000077b31560 5 bytes JMP 0000000077c90470
.text     C:\Program Files (x86)\Win Application\applications.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                        0000000077b31570 5 bytes JMP 0000000077c903e0
.text     C:\Program Files (x86)\Win Application\applications.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                             0000000077b31620 5 bytes JMP 0000000077c90320
.text     C:\Program Files (x86)\Win Application\applications.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                      0000000077b31650 5 bytes JMP 0000000077c903b0
.text     C:\Program Files (x86)\Win Application\applications.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                         0000000077b31670 5 bytes JMP 0000000077c90390
.text     C:\Program Files (x86)\Win Application\applications.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                               0000000077b316b0 5 bytes JMP 0000000077c902e0
.text     C:\Program Files (x86)\Win Application\applications.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                             0000000077b31730 5 bytes JMP 0000000077c902d0
.text     C:\Program Files (x86)\Win Application\applications.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                           0000000077b31750 5 bytes JMP 0000000077c90310
.text     C:\Program Files (x86)\Win Application\applications.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                            0000000077b31790 5 bytes JMP 0000000077c903c0
.text     C:\Program Files (x86)\Win Application\applications.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                         0000000077b317e0 5 bytes JMP 0000000077c903f0
.text     C:\Program Files (x86)\Win Application\applications.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                            0000000077b31940 5 bytes JMP 0000000077c90230
.text     C:\Program Files (x86)\Win Application\applications.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                 0000000077b31b00 5 bytes JMP 0000000077c90480
.text     C:\Program Files (x86)\Win Application\applications.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                0000000077b31b30 5 bytes JMP 0000000077c903a0
.text     C:\Program Files (x86)\Win Application\applications.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                         0000000077b31c10 5 bytes JMP 0000000077c902f0
.text     C:\Program Files (x86)\Win Application\applications.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                      0000000077b31c20 5 bytes JMP 0000000077c90350
.text     C:\Program Files (x86)\Win Application\applications.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                            0000000077b31c80 5 bytes JMP 0000000077c90290
.text     C:\Program Files (x86)\Win Application\applications.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                         0000000077b31d10 5 bytes JMP 0000000077c902b0
.text     C:\Program Files (x86)\Win Application\applications.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                          0000000077b31d30 5 bytes JMP 0000000077c903d0
.text     C:\Program Files (x86)\Win Application\applications.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                             0000000077b31d40 5 bytes JMP 0000000077c90330
.text     C:\Program Files (x86)\Win Application\applications.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                      0000000077b31db0 5 bytes JMP 0000000077c90410
.text     C:\Program Files (x86)\Win Application\applications.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                         0000000077b31de0 5 bytes JMP 0000000077c90240
.text     C:\Program Files (x86)\Win Application\applications.exe[2664] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver