1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

*Claro Search Removal and Other Possible Problems*

Discussion in 'Virus & Other Malware Removal' started by bjay100, Jan 25, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. bjay100

    bjay100 Thread Starter

    Joined:
    Jan 28, 2010
    Messages:
    20
    Hello,

    My son's computer has become impossibly slow and takes a very long time to boot up. I have noticed he has "Claro Search" and have seen that this is not a good thing. Please help me get the bad stuff off his computer. :)

    He's a kid, a gamer, and not savvy yet as to malware (but soon will be)....so who knows what he's got on his computer.

    I'm pasting in the HijackThis log. I will submit the dds.txt, attach.txt, ark.txt in separate posts.

    -----------------

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:28:53 AM, on 1/25/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
    C:\Program Files\CrashPlan\CrashPlanTray.exe
    C:\Users\keith\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe
    C:\Program Files (x86)\Sendori\SendoriTray.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\keith\Downloads\Cleanup\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb185?a=6R8Olg7kU0&i=26
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - (no file)
    R3 - URLSearchHook: (no name) - - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Claro LTD Helper Object - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\bh\claro.dll
    O2 - BHO: Play Pickle Text - {02F0243C-2E71-4a1a-A790-6C30888119D0} - C:\Program Files (x86)\Play Pickle\pptl.dll
    O2 - BHO: ShopperReports - {100EB1FD-D03E-47fd-81F3-EE91287F9465} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IB Updater Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll
    O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: FCTBPos00Pos - {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O3 - Toolbar: (no name) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - (no file)
    O3 - Toolbar: Claro LTD Toolbar - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\claroTlbr.dll
    O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
    O4 - HKLM\..\Run: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe
    O4 - HKLM\..\Run: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Google Update] "C:\Users\keith\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: CrashPlan Tray.lnk = C:\Program Files\CrashPlan\CrashPlanTray.exe
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - (no file)
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - (no file)
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - (no file)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1272340854037
    O16 - DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} (VMware Remote Console Plug-in 2.5.0.00000) -
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{523BD546-3404-403F-ACA1-9654AD3E03BF}: NameServer = 216.146.35.240,216.146.36.240,192.168.0.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{523BD546-3404-403F-ACA1-9654AD3E03BF}: NameServer = 216.146.35.240,216.146.36.240,192.168.0.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{523BD546-3404-403F-ACA1-9654AD3E03BF}: NameServer = 216.146.35.240,216.146.36.240,192.168.0.1
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: c:\progra~3\browse~1\25986~1.67\{c16c1~1\browse~1.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Application Sendori - Sendori, Inc. - C:\Program Files (x86)\Sendori\SendoriSvc.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
    O23 - Service: CrashPlan Backup Service (CrashPlanService) - CrashPlan - C:\Program Files\CrashPlan\CrashPlanService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: IB Updater - Unknown owner - C:\Program Files\IB Updater\ExtensionUpdaterService.exe
    O23 - Service: IBUpdaterService - Unknown owner - C:\Windows\system32\dmwu.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Service Sendori - sendori - C:\Program Files (x86)\Sendori\Sendori.Service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: sndappv2 - Sendori - C:\Program Files (x86)\Sendori\sndappv2.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: VNC Server Version 4 (WinVNC4) - TigerVNC Project - C:\Program Files (x86)\TigerVNC\winvnc4.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    --
    End of file - 13804 bytes
     
  2. bjay100

    bjay100 Thread Starter

    Joined:
    Jan 28, 2010
    Messages:
    20
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.11.2
    Run by keith at 10:31:19 on 2013-01-25
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4093.2276 [GMT -7:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
    C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
    C:\Program Files\CrashPlan\CrashPlanService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files\CrashPlan\CrashPlanTray.exe
    C:\Program Files\IB Updater\ExtensionUpdaterService.exe
    C:\Windows\system32\dmwu.exe
    C:\Users\keith\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    C:\Users\keith\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe
    C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Program Files (x86)\Sendori\SendoriTray.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Sendori\SendoriSvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Sendori\Sendori.Service.exe
    C:\Program Files (x86)\Sendori\SendoriUp.exe
    C:\Program Files (x86)\Sendori\sndappv2.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\keith\Downloads\Cleanup\HijackThis.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://mystart.incredibar.com/mb185?a=6R8Olg7kU0&i=26
    uURLSearchHooks: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - <orphaned>
    uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
    mWinlogon: Userinit = userinit.exe
    BHO: Claro LTD Helper Object: {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\bh\claro.dll
    BHO: Play Pickle Text: {02F0243C-2E71-4a1a-A790-6C30888119D0} - C:\Program Files (x86)\Play Pickle\pptl.dll
    BHO: {100EB1FD-D03E-47fd-81F3-EE91287F9465} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll
    BHO: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - <orphaned>
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    TB: Claro LTD Toolbar: {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\claroTlbr.dll
    TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
    EB: {A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} - <orphaned>
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [Google Update] "C:\Users\keith\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
    mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
    mRun: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe
    mRun: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files\CrashPlan\CrashPlanTray.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - {7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} - <orphaned>
    IE: {C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} - <orphaned>
    IE: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} - <orphaned>
    LSP: C:\Windows\System32\Sendori.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1272340854037
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{523BD546-3404-403F-ACA1-9654AD3E03BF} : NameServer = 216.146.35.240,216.146.36.240,192.168.0.1
    TCP: Interfaces\{523BD546-3404-403F-ACA1-9654AD3E03BF} : DHCPNameServer = 192.168.0.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    AppInit_DLLs= c:\progra~3\browse~1\25986~1.67\{c16c1~1\browse~1.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
    x64-BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
    x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
    x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
    x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 192.168.1.149 black
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\keith\AppData\Roaming\Mozilla\Firefox\Profiles\8wr6uok0.default-1358205759777\
    FF - prefs.js: browser.search.selectedEngine - Claro Search
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
    FF - plugin: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\keith\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2012-12-05 19:48; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - ExtSQL: 2012-12-05 19:48; {DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}; C:\Program Files (x86)\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}
    FF - ExtSQL: 2012-12-15 12:51; {336D0C35-8A85-403a-B9D2-65C292C39087}; C:\Program Files\IB Updater\Firefox
    FF - ExtSQL: 2013-01-12 16:05; {58bd07eb-0ee0-4df0-8121-dc9b693373df}; C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2012-1-26 133728]
    R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-1-26 211040]
    R0 vidsflt61;Acronis Disk Storage Filter (61);C:\Windows\System32\drivers\vsflt61.sys [2012-1-26 142944]
    R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-4-22 28504]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-5-31 819032]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-5-31 337240]
    R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-1-26 3450832]
    R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2012-12-10 118632]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-5-31 24408]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-5-31 69976]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-4-22 44768]
    R2 BrowserProtect;BrowserProtect;C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2012-12-15 2443800]
    R2 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe [2011-3-16 222720]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
    R2 IB Updater;IB Updater;C:\Program Files\IB Updater\ExtensionUpdaterService.exe [2012-12-15 188760]
    R2 IBUpdaterService;IBUpdaterService;C:\Windows\System32\dmwu.exe [2012-12-15 1261936]
    R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2012-12-10 14696]
    R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2012-12-10 3569512]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-9 382824]
    R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-12-16 5881952]
    R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-9-19 2358656]
    R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
    R2 uvnc_service;uvnc_service;C:\Program Files\UltraVNC\winvnc.exe [2010-6-20 1793976]
    R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2012-1-26 367200]
    R3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-1-18 25632]
    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
    R3 LVUVC64;Logitech HD Webcam C510(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-12-19 314400]
    R3 RzSynapse;Razer Driver;C:\Windows\System32\drivers\RzSynapse.sys [2011-5-12 154624]
    R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2012-7-31 38992]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
    S3 mv2;mv2;C:\Windows\System32\drivers\mv2.sys [2010-6-20 12096]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-23 19456]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-23 57856]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-30 1255736]
    S4 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
    S4 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-10-5 109064]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2013-01-15 23:09:30 859552 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-01-15 23:08:25 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-01-12 23:34:15 750592 ----a-w- C:\Windows\System32\win32spl.dll
    2013-01-12 23:34:13 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-01-12 23:31:45 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2013-01-12 23:31:43 1882624 ----a-w- C:\Windows\System32\msxml3.dll
    2013-01-12 23:31:40 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2013-01-12 23:31:39 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-01-12 23:31:30 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2013-01-12 23:31:29 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2013-01-12 23:31:09 800768 ----a-w- C:\Windows\System32\usp10.dll
    2013-01-12 23:31:08 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2013-01-12 23:29:59 23552 ----a-w- C:\Windows\SysWow64\oflc.rs
    2013-01-12 23:29:58 23552 ----a-w- C:\Windows\System32\oflc.rs
    2013-01-12 23:29:56 55296 ----a-w- C:\Windows\SysWow64\cero.rs
    2013-01-12 23:29:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2013-01-12 23:24:58 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-01-12 23:24:58 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    2013-01-12 23:24:58 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2013-01-12 23:24:57 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    2013-01-12 23:24:57 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2013-01-12 23:24:55 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-01-12 23:24:09 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2013-01-12 23:24:02 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2013-01-04 12:33:03 -------- d-----w- C:\Users\keith\AppData\Local\PixelTail
    2013-01-03 05:55:12 -------- d-----w- C:\Users\keith\AppData\Local\Chromium
    .
    ==================== Find3M ====================
    .
    2013-01-15 23:08:08 780192 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-01-03 05:55:13 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2013-01-03 05:55:13 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-12-20 02:27:47 111928 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-10 23:01:54 321384 ----a-w- C:\Windows\SysWow64\Sendori.dll
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-12-07 10:46:42 43520 ----a-w- C:\Windows\SysWow64\csrr.rs
    2012-12-07 10:46:42 30720 ----a-w- C:\Windows\SysWow64\usk.rs
    2012-12-07 10:46:41 45568 ----a-w- C:\Windows\SysWow64\oflc-nz.rs
    2012-12-07 10:46:41 44544 ----a-w- C:\Windows\SysWow64\pegibbfc.rs
    2012-12-07 10:46:41 20480 ----a-w- C:\Windows\SysWow64\pegi-pt.rs
    2012-12-07 10:46:40 20480 ----a-w- C:\Windows\SysWow64\pegi-fi.rs
    2012-12-07 10:46:39 46592 ----a-w- C:\Windows\SysWow64\fpb.rs
    2012-12-07 10:46:39 20480 ----a-w- C:\Windows\SysWow64\pegi.rs
    2012-12-07 10:46:38 21504 ----a-w- C:\Windows\SysWow64\grb.rs
    2012-12-07 10:46:37 40960 ----a-w- C:\Windows\SysWow64\cob-au.rs
    2012-12-07 10:46:37 15360 ----a-w- C:\Windows\SysWow64\djctq.rs
    2012-12-07 10:46:36 51712 ----a-w- C:\Windows\SysWow64\esrb.rs
    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-12 12:28:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-12 11:52:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-09 11:44:26 63336 ----a-w- C:\Windows\System32\nvshext.dll
    2012-11-09 11:44:25 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
    2012-11-09 11:44:25 118120 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-11-09 11:44:24 890216 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-11-09 11:43:41 6223208 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-11-09 11:42:50 3311464 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-11-09 11:22:48 438632 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-02 22:38:36 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll
    2012-11-02 22:38:36 828872 ----a-w- C:\Windows\System32\msvcr110.dll
    2012-11-02 22:38:36 661448 ----a-w- C:\Windows\System32\msvcp110.dll
    2012-11-02 22:38:36 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll
    2012-11-02 22:38:36 50856 ----a-w- C:\Windows\System32\drivers\point64.sys
    2012-11-02 22:38:36 354264 ----a-w- C:\Windows\System32\vccorlib110.dll
    2012-11-02 22:38:36 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll
    2012-11-02 22:38:36 1795952 ----a-w- C:\Windows\System32\WdfCoInstaller01011.dll
    2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    .
    ============= FINISH: 10:32:37.35 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/10/2010 1:43:00 PM
    System Uptime: 1/25/2013 10:02:37 AM (0 hours ago)
    .
    Motherboard: Intel Corporation | | DG31PR
    Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz | J3E1 | 2599/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 1863 GiB total, 1337.138 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: ROOT\MEDIA\0001
    Manufacturer:
    Name:
    PNP Device ID: ROOT\MEDIA\0001
    Service:
    .
    ==== System Restore Points ===================
    .
    RP416: 1/12/2013 8:13:11 PM - Installed DirectX
    RP417: 1/13/2013 3:01:07 AM - Windows Update
    RP418: 1/15/2013 4:01:44 PM - Removed Java(TM) 6 Update 24
    RP419: 1/15/2013 4:07:23 PM - Installed Java 7 Update 11
    RP420: 1/16/2013 3:00:17 AM - Windows Update
    RP421: 1/16/2013 2:27:58 PM - Installed DirectX
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20
    Ace of Spades
    Acrobat.com
    Acronis True Image Home 2012
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.5
    Age of Chivalry
    AirPort
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Alien Swarm
    Alliance of Valiant Arms
    APB Reloaded
    Apple Software Update
    Assassin's Creed Brotherhood
    Audiosurf Demo
    AV Voice Changer Software DIAMOND 6.0
    AV Voice Changer Software DIAMOND 7.0
    avast! Pro Antivirus
    Battleground Europe
    Black & White® 2 Demo
    Blacklight: Retribution
    blinkx beat
    Bonjour
    Borderlands
    Brink
    BrowserProtect
    Call of Duty: Black Ops II
    Call of Duty: Black Ops II - Multiplayer
    Call of Duty: Black Ops II - Zombies
    Call of Duty: Modern Warfare 3
    Call of Duty: Modern Warfare 3 - Multiplayer
    CCleaner
    Chivalry: Medieval Warfare
    Claro Chrome Toolbar
    Claro LTD toolbar
    Counter-Strike
    Counter-Strike: Condition Zero
    Counter-Strike: Condition Zero Deleted Scenes
    Counter-Strike: Global Offensive Beta
    Counter-Strike: Source Beta
    CrashPlan
    Curse Client
    Darkspore™
    Dino D-Day
    Dota 2
    Dual-Core Optimizer
    DUNGEONS - Steam Special Edition
    EA Download Manager
    Elder Scrolls V: Skyrim Prima Guide
    GameStop App
    Garry's Mod
    Garry's Mod 13
    Google Chrome
    Google SketchUp 8
    Gotham City Impostors: Free To Play
    Half-Life 2
    Half-Life 2: Deathmatch
    Half-Life 2: Episode One
    Half-Life 2: Episode Two
    Half-Life 2: Lost Coast
    Half-Life Deathmatch: Source
    Half-Life: Blue Shift
    Half-Life: Opposing Force
    Hell Yeah!
    IB Updater 2.0.0.530
    IB Updater Service
    Incredibar Toolbar on IE
    Java 7 Update 11
    Java Auto Updater
    join.me
    Just Cause 2
    Left 4 Dead 2
    LogMeIn Hamachi
    Math Blaster
    Maxthon 3
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Flight
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Mouse and Keyboard Center
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XNA Framework Redistributable 4.0 Refresh
    MorphVOX Junior
    Mozilla Firefox 18.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Natural Selection 2
    NVIDIA 3D Vision Controller Driver 310.54
    NVIDIA 3D Vision Driver 310.54
    NVIDIA Control Panel 310.54
    NVIDIA Graphics Driver 310.54
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.1031
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.11.3
    NVIDIA Update Components
    OpenAL
    OpenOffice.org 3.3
    Optimizer Pro v3.0
    ORION: Dino Beatdown
    ORION: Dino Beatdown Dedicated Server
    PDFCreator
    PlanetSide 2
    Plants vs. Zombies: Game of the Year
    Portal
    PunkBuster Services
    PVSonyDll
    Rayman 2 - The Great Escape
    Rayman Origins
    Rayman Origins Demo
    Razer BlackWidow Ultimate
    Resident Evil: Operation Raccoon City
    Saints Row: The Third
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Sendori
    Skype Click to Call
    Skype™ 6.0
    Skyrim Online version 1.0
    Source SDK
    SPORE™
    StarCraft II
    Steam
    Super Monday Night Combat
    Synergy
    Team Fortress 2
    Team Fortress 2 Beta
    Team Fortress Classic
    TeamViewer 6
    Terraria
    The Darkness II
    The Elder Scrolls V: Skyrim
    The War Z version alpha
    Thief - Deadly Shadows
    TigerVNC 1.0.1
    Ubisoft Game Launcher
    Ultima Online Stygian Abyss
    UltraVNC 1.0.8.2
    Unity Web Player
    Unreal Development Kit
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Ventrilo Client
    VMware Remote Console Plug-in
    Wajam
    Warcraft III
    Warcraft III: All Products
    Windows Live ID Sign-in Assistant
    WinRAR 4.01 (32-bit)
    WolfTeam
    World of Warcraft
    World of Warcraft Beta
    XCOM: Enemy Unknown Demo
    Xvid Video Codec
    Zombie Panic Source
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/25/2013 10:08:02 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    1/25/2013 10:08:02 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
    1/25/2013 10:06:16 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    1/25/2013 10:06:00 AM, Error: Service Control Manager [7022] - The Service Sendori service hung on starting.
    1/25/2013 10:02:52 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
    1/25/2013 10:02:52 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
    1/24/2013 3:42:14 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Service Sendori service to connect.
    1/24/2013 3:42:14 PM, Error: Service Control Manager [7000] - The Service Sendori service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/22/2013 4:10:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Acronis Nonstop Backup Service service to connect.
    .
    ==== End Of File ===========================
     
  3. bjay100

    bjay100 Thread Starter

    Joined:
    Jan 28, 2010
    Messages:
    20
    I have the GMER log...but everytime I try to submit it, I get told to wait, that there is a wait to process my request and then I get redirected to a blank page. Not sure if the forums are having problems or if it's on my end.
     
  4. bjay100

    bjay100 Thread Starter

    Joined:
    Jan 28, 2010
    Messages:
    20
    Going to try to submit it in parts......
     
  5. bjay100

    bjay100 Thread Starter

    Joined:
    Jan 28, 2010
    Messages:
    20
    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-25 11:17:02
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST32000542AS rev.CC34 1863.02GB
    Running: ugh13wlv.exe; Driver: C:\Users\keith\AppData\Local\Temp\fwlcqpow.sys


    ---- User code sections - GMER 2.0 ----

    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 000000014a070390
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 000000014a070380
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 000000014a0703a0
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 000000014a070320
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 000000014a0702e0
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 000000014a0702d0
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 000000014a070310
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 000000014a070230
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0xffffffffd300e890}
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 000000014a0703b0
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 000000014a070370
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 000000014a0702f0
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 000000014a070350
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 000000014a070290
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 000000014a0702b0
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 000000014a070330
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0xffffffffd300e590}
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 000000014a070240
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 000000014a0701e0
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 000000014a070250
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0xffffffffd300e090}
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 000000014a0703c0
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 000000014a0703d0
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 000000014a070300
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 000000014a070360
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 000000014a0702a0
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 000000014a0702c0
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 000000014a070340
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 000000014a070260
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 000000014a070270
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 000000014a0701f0
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 000000014a070210
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 000000014a070200
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 000000014a070220
    .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 000000014a070280
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 000000010018075c
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001001803a4
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 0000000100180b14
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 0000000100180ecc
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 000000010018163c
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 0000000100181284
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\system32\USER32.dll!UnhookWinEvent 0000000076f18550 5 bytes JMP 000000010041075c
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 0000000076f1d440 5 bytes JMP 0000000100411284
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\system32\USER32.dll!SetWindowsHookExW 0000000076f1f874 5 bytes JMP 0000000100410ecc
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000076f24d4c 5 bytes JMP 00000001004103a4
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000076f38c20 5 bytes JMP 0000000100410b14
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 0000000100120390
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 0000000100120380
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000001001203a0
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 0000000100120320
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000001001202e0
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000001001202d0
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 0000000100120310
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 0000000100120230
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0xffffffff890be890}
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000001001203b0
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 0000000100120370
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000001001202f0
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 0000000100120350
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 0000000100120290
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000001001202b0
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 0000000100120330
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0xffffffff890be590}
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 0000000100120240
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000001001201e0
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 0000000100120250
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0xffffffff890be090}
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000001001203c0
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000001001203d0
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 0000000100120300
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 0000000100120360
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000001001202a0
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000001001202c0
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 0000000100120340
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 0000000100120260
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 0000000100120270
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000001001201f0
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 0000000100120210
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 0000000100120200
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 0000000100120220
    .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 0000000100120280
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 00000001002c075c
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001002c03a4
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 00000001002c0b14
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 00000001002c0ecc
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 00000001002c163c
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 00000001002c1284
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\system32\USER32.dll!UnhookWinEvent 0000000076f18550 5 bytes JMP 000000010041075c
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 0000000076f1d440 5 bytes JMP 0000000100411284
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\system32\USER32.dll!SetWindowsHookExW 0000000076f1f874 5 bytes JMP 0000000100410ecc
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000076f24d4c 5 bytes JMP 00000001004103a4
    .text C:\Windows\system32\winlogon.exe[756] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000076f38c20 5 bytes JMP 0000000100410b14
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 000000010024075c
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001002403a4
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 0000000100240b14
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 0000000100240ecc
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 000000010024163c
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 0000000100241284
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Windows\system32\services.exe[768] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Windows\system32\services.exe[768] C:\Windows\system32\USER32.dll!UnhookWinEvent 0000000076f18550 5 bytes JMP 000000010053075c
    .text C:\Windows\system32\services.exe[768] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 0000000076f1d440 5 bytes JMP 0000000100531284
    .text C:\Windows\system32\services.exe[768] C:\Windows\system32\USER32.dll!SetWindowsHookExW 0000000076f1f874 5 bytes JMP 0000000100530ecc
    .text C:\Windows\system32\services.exe[768] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000076f24d4c 5 bytes JMP 00000001005303a4
    .text C:\Windows\system32\services.exe[768] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000076f38c20 5 bytes JMP 0000000100530b14
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 3 bytes JMP 000000010028075c
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 4 0000000077033ae4 1 byte [89]
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 3 bytes JMP 00000001002803a4
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 4 0000000077037a94 1 byte [89]
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 0000000100280b14
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 0000000100280ecc
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 000000010028163c
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 0000000100281284
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Windows\system32\lsass.exe[800] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 000000010017075c
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001001703a4
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 0000000100170b14
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 0000000100170ecc
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 000000010017163c
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 0000000100171284
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Windows\system32\lsm.exe[808] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 00000001002d075c
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001002d03a4
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 00000001002d0b14
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 00000001002d0ecc
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 00000001002d163c
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 00000001002d1284
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Windows\system32\svchost.exe[912] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 00000001001f075c
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001001f03a4
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 00000001001f0b14
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 00000001001f0ecc
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 00000001001f163c
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 00000001001f1284
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007720faa0 5 bytes JMP 00000001001b0600
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007720fb38 5 bytes JMP 00000001001b0804
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007720fc90 5 bytes JMP 00000001001b0c0c
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077210018 5 bytes JMP 00000001001b0a08
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007722c45a 5 bytes JMP 00000001001b01f8
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077231217 5 bytes JMP 00000001001b03fc
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c4a30a 1 byte [62]
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 0000000100231014
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 0000000100230804
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 0000000100230a08
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 0000000100230c0c
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 0000000100230e10
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001002301f8
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001002303fc
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 0000000100230600
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074fbee09 5 bytes JMP 00000001002401f8
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074fc3982 5 bytes JMP 00000001002403fc
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074fc7603 5 bytes JMP 0000000100240804
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074fc835c 5 bytes JMP 0000000100240600
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074fdcfca 5 bytes JMP 0000000174904770
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074fdf52b 5 bytes JMP 0000000100240a08
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075601401 2 bytes [60, 75]
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075601419 2 bytes [60, 75]
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075601431 2 bytes [60, 75]
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007560144a 2 bytes [60, 75]
    .text ... * 9
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756014dd 2 bytes [60, 75]
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756014f5 2 bytes [60, 75]
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007560150d 2 bytes [60, 75]
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075601525 2 bytes [60, 75]
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007560153d 2 bytes [60, 75]
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075601555 2 bytes [60, 75]
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007560156d 2 bytes [60, 75]
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075601585 2 bytes [60, 75]
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007560159d 2 bytes [60, 75]
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756015b5 2 bytes [60, 75]
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756015cd 2 bytes [60, 75]
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756016b2 2 bytes [60, 75]
    .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756016bd 2 bytes [60, 75]
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 000000010038075c
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001003803a4
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 0000000100380b14
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 0000000100380ecc
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 000000010038163c
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 0000000100381284
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Windows\system32\svchost.exe[508] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 00000001003b075c
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001003b03a4
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 00000001003b0b14
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 00000001003b0ecc
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 00000001003b163c
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 00000001003b1284
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 00000001003b075c
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001003b03a4
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 00000001003b0b14
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 00000001003b0ecc
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 00000001003b163c
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 00000001003b1284
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Windows\System32\svchost.exe[864] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 000000010021075c
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001002103a4
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 0000000100210b14
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 0000000100210ecc
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 000000010021163c
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 0000000100211284
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007720faa0 5 bytes JMP 00000001001c0600
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007720fb38 5 bytes JMP 00000001001c0804
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007720fc90 5 bytes JMP 00000001001c0c0c
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077210018 5 bytes JMP 00000001001c0a08
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007722c45a 5 bytes JMP 00000001001c01f8
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077231217 5 bytes JMP 00000001001c03fc
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c4a30a 1 byte [62]
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 0000000100241014
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 0000000100240804
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 0000000100240a08
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 0000000100240c0c
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 0000000100240e10
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001002401f8
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001002403fc
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 0000000100240600
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074fbee09 5 bytes JMP 00000001002501f8
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074fc3982 5 bytes JMP 00000001002503fc
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074fc7603 5 bytes JMP 0000000100250804
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074fc835c 5 bytes JMP 0000000100250600
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074fdcfca 5 bytes JMP 0000000174904770
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074fdf52b 5 bytes JMP 0000000100250a08
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075601401 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075601419 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075601431 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007560144a 2 bytes [60, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756014dd 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756014f5 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007560150d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075601525 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007560153d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075601555 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007560156d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075601585 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007560159d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756015b5 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756015cd 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756016b2 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756016bd 2 bytes [60, 75]
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 000000010016075c
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001001603a4
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 0000000100160b14
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 0000000100160ecc
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 000000010016163c
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 0000000100161284
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 00000001001b075c
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001001b03a4
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 00000001001b0b14
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 00000001001b0ecc
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 00000001001b163c
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 00000001001b1284
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 000000010019075c
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001001903a4
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 0000000100190b14
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 0000000100190ecc
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 000000010019163c
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 0000000100191284
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Windows\system32\svchost.exe[1280] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 000000010026075c
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001002603a4
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 0000000100260b14
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 0000000100260ecc
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 000000010026163c
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 0000000100261284
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 000000010017075c
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001001703a4
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 0000000100170b14
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 0000000100170ecc
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
     
  6. bjay100

    bjay100 Thread Starter

    Joined:
    Jan 28, 2010
    Messages:
    20
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 000000010017163c
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 0000000100171284
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 000000010026075c
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001002603a4
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 0000000100260b14
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 0000000100260ecc
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 000000010026163c
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 0000000100261284
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Windows\system32\taskhost.exe[1812] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 000000010036075c
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001003603a4
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 0000000100080390
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 0000000100080380
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 0000000100360b14
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 0000000100360ecc
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000001000803a0
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 000000010036163c
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 0000000100080320
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000001000802e0
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000001000802d0
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 0000000100080310
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 0000000100361284
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 0000000100080230
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0xffffffff8901e890}
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000001000803b0
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 0000000100080370
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000001000802f0
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 0000000100080350
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 0000000100080290
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000001000802b0
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 0000000100080330
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0xffffffff8901e590}
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 0000000100080240
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000001000801e0
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 0000000100080250
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0xffffffff8901e090}
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000001000803c0
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000001000803d0
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 0000000100080300
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 0000000100080360
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000001000802a0
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000001000802c0
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 0000000100080340
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 0000000100080260
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 0000000100080270
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000001000801f0
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 0000000100080210
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 0000000100080200
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 0000000100080220
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 0000000100080280
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Windows\System32\spoolsv.exe[1964] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 000000010037075c
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001003703a4
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 0000000100370b14
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 0000000100370ecc
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 000000010037163c
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 0000000100371284
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Windows\system32\svchost.exe[1992] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 000000010037075c
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001003703a4
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 0000000100370b14
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 0000000100370ecc
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 000000010037163c
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 0000000100371284
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1380] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 00000001003c075c
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001003c03a4
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 00000001003c0b14
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 00000001003c0ecc
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 00000001003c163c
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 00000001003c1284
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Windows\Explorer.EXE[1412] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007720faa0 5 bytes JMP 00000001000c0600
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007720fb38 5 bytes JMP 00000001000c0804
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007720fc90 5 bytes JMP 00000001000c0c0c
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077210018 5 bytes JMP 00000001000c0a08
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007722c45a 5 bytes JMP 00000001000c01f8
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077231217 5 bytes JMP 00000001000c03fc
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c4a30a 1 byte [62]
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 0000000100141014
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 0000000100140804
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 0000000100140a08
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 0000000100140c0c
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 0000000100140e10
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001001401f8
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001001403fc
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 0000000100140600
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074fbee09 5 bytes JMP 00000001001501f8
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074fc3982 5 bytes JMP 00000001001503fc
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074fc7603 5 bytes JMP 0000000100150804
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074fc835c 5 bytes JMP 0000000100150600
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074fdcfca 5 bytes JMP 0000000174904770
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074fdf52b 5 bytes JMP 0000000100150a08
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075601401 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075601419 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075601431 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007560144a 2 bytes [60, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756014dd 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756014f5 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007560150d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075601525 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007560153d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075601555 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007560156d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075601585 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007560159d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756015b5 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756015cd 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756016b2 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2084] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756016bd 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007720faa0 5 bytes JMP 00000001001c0600
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007720fb38 5 bytes JMP 00000001001c0804
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007720fc90 5 bytes JMP 00000001001c0c0c
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077210018 5 bytes JMP 00000001001c0a08
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007722c45a 5 bytes JMP 00000001001c01f8
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077231217 5 bytes JMP 00000001001c03fc
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c4a30a 1 byte [62]
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 0000000100241014
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 0000000100240804
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 0000000100240a08
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 0000000100240c0c
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 0000000100240e10
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001002401f8
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001002403fc
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 0000000100240600
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074fbee09 5 bytes JMP 00000001002501f8
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074fc3982 5 bytes JMP 00000001002503fc
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074fc7603 5 bytes JMP 0000000100250804
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074fc835c 5 bytes JMP 0000000100250600
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074fdcfca 5 bytes JMP 0000000174904770
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074fdf52b 5 bytes JMP 0000000100250a08
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075601401 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075601419 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075601431 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007560144a 2 bytes [60, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756014dd 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756014f5 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007560150d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075601525 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007560153d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075601555 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007560156d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075601585 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007560159d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756015b5 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756015cd 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756016b2 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756016bd 2 bytes [60, 75]
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 00000001002b075c
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001002b03a4
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 0000000100080390
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 0000000100080380
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 00000001002b0b14
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 00000001002b0ecc
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000001000803a0
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 00000001002b163c
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 0000000100080320
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000001000802e0
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000001000802d0
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 0000000100080310
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 00000001002b1284
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 0000000100080230
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0xffffffff8901e890}
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000001000803b0
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 0000000100080370
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000001000802f0
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 0000000100080350
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 0000000100080290
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000001000802b0
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 0000000100080330
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0xffffffff8901e590}
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 0000000100080240
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000001000801e0
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 0000000100080250
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0xffffffff8901e090}
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000001000803c0
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000001000803d0
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 0000000100080300
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 0000000100080360
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000001000802a0
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000001000802c0
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 0000000100080340
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 0000000100080260
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 0000000100080270
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000001000801f0
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 0000000100080210
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 0000000100080200
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 0000000100080220
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 0000000100080280
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007720faa0 5 bytes JMP 0000000100080600
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007720fb38 5 bytes JMP 0000000100080804
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007720fc90 5 bytes JMP 0000000100080c0c
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077210018 5 bytes JMP 0000000100080a08
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007722c45a 5 bytes JMP 00000001000801f8
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077231217 5 bytes JMP 00000001000803fc
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c4a30a 1 byte [62]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074fbee09 5 bytes JMP 00000001000901f8
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074fc3982 5 bytes JMP 00000001000903fc
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074fc7603 5 bytes JMP 0000000100090804
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074fc835c 5 bytes JMP 0000000100090600
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074fdcfca 5 bytes JMP 0000000174904770
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074fdf52b 5 bytes JMP 0000000100090a08
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 0000000100191014
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 0000000100190804
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 0000000100190a08
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 0000000100190c0c
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 0000000100190e10
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001001901f8
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001001903fc
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 0000000100190600
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075601401 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075601419 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075601431 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007560144a 2 bytes [60, 75]
    .text ... * 9
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756014dd 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756014f5 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007560150d 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075601525 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007560153d 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075601555 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007560156d 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075601585 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007560159d 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756015b5 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756015cd 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756016b2 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756016bd 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007720faa0 5 bytes JMP 0000000100080600
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007720fb38 5 bytes JMP 0000000100080804
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007720fc90 5 bytes JMP 0000000100080c0c
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077210018 5 bytes JMP 0000000100080a08
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007722c45a 5 bytes JMP 00000001000801f8
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077231217 5 bytes JMP 00000001000803fc
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c4a30a 1 byte [62]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074fbee09 5 bytes JMP 00000001001001f8
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074fc3982 5 bytes JMP 00000001001003fc
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074fc7603 5 bytes JMP 0000000100100804
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074fc835c 5 bytes JMP 0000000100100600
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074fdcfca 5 bytes JMP 0000000174904770
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074fdf52b 5 bytes JMP 0000000100100a08
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 0000000100111014
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 0000000100110804
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 0000000100110a08
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 0000000100110c0c
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 0000000100110e10
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001001101f8
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001001103fc
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 0000000100110600
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075601401 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075601419 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075601431 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007560144a 2 bytes [60, 75]
    .text ... * 9
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756014dd 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756014f5 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007560150d 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075601525 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007560153d 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075601555 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007560156d 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075601585 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007560159d 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756015b5 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756015cd 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756016b2 2 bytes [60, 75]
    .text C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756016bd 2 bytes [60, 75]
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 00000001001a075c
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001001a03a4
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 00000001001a0b14
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 00000001001a0ecc
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 00000001001a163c
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 00000001001a1284
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Program Files\CrashPlan\CrashPlanService.exe[2520] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 000000010044075c
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001004403a4
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 0000000100440b14
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 0000000100440ecc
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 000000010044163c
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 0000000100441284
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Windows\system32\svchost.exe[2584] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 000000010045075c
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001004503a4
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 0000000100450b14
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 0000000100450ecc
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 000000010045163c
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 0000000100451284
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2900] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007720faa0 5 bytes JMP 00000001001c0600
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007720fb38 5 bytes JMP 00000001001c0804
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007720fc90 5 bytes JMP 00000001001c0c0c
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077210018 5 bytes JMP 00000001001c0a08
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007722c45a 5 bytes JMP 00000001001c01f8
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077231217 5 bytes JMP 00000001001c03fc
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c4a30a 1 byte [62]
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 0000000100251014
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 0000000100250804
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 0000000100250a08
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 0000000100250c0c
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 0000000100250e10
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001002501f8
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001002503fc
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 0000000100250600
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074fbee09 5 bytes JMP 00000001002601f8
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074fc3982 5 bytes JMP 00000001002603fc
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074fc7603 5 bytes JMP 0000000100260804
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074fc835c 5 bytes JMP 0000000100260600
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074fdcfca 5 bytes JMP 0000000174904770
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074fdf52b 5 bytes JMP 0000000100260a08
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075601401 2 bytes [60, 75]
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075601419 2 bytes [60, 75]
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075601431 2 bytes [60, 75]
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007560144a 2 bytes [60, 75]
    .text ... * 9
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756014dd 2 bytes [60, 75]
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756014f5 2 bytes [60, 75]
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007560150d 2 bytes [60, 75]
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075601525 2 bytes [60, 75]
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007560153d 2 bytes [60, 75]
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075601555 2 bytes [60, 75]
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007560156d 2 bytes [60, 75]
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075601585 2 bytes [60, 75]
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007560159d 2 bytes [60, 75]
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756015b5 2 bytes [60, 75]
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756015cd 2 bytes [60, 75]
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756016b2 2 bytes [60, 75]
    .text C:\Program Files\CrashPlan\CrashPlanTray.exe[3020] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756016bd 2 bytes [60, 75]
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007720faa0 5 bytes JMP 0000000100090600
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007720fb38 5 bytes JMP 0000000100090804
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007720fc90 5 bytes JMP 0000000100090c0c
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077210018 5 bytes JMP 0000000100090a08
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007722c45a 5 bytes JMP 00000001000901f8
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077231217 5 bytes JMP 00000001000903fc
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c4a30a 1 byte [62]
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074fbee09 5 bytes JMP 00000001000a01f8
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074fc3982 5 bytes JMP 00000001000a03fc
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074fc7603 5 bytes JMP 00000001000a0804
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074fc835c 5 bytes JMP 00000001000a0600
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074fdcfca 5 bytes JMP 0000000174904770
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074fdf52b 5 bytes JMP 00000001000a0a08
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 00000001000c1014
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 00000001000c0804
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 00000001000c0a08
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 00000001000c0c0c
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 00000001000c0e10
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001000c01f8
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001000c03fc
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 00000001000c0600
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075601401 2 bytes [60, 75]
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075601419 2 bytes [60, 75]
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075601431 2 bytes [60, 75]
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007560144a 2 bytes [60, 75]
    .text ... * 9
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756014dd 2 bytes [60, 75]
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756014f5 2 bytes [60, 75]
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007560150d 2 bytes [60, 75]
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075601525 2 bytes [60, 75]
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007560153d 2 bytes [60, 75]
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075601555 2 bytes [60, 75]
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007560156d 2 bytes [60, 75]
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075601585 2 bytes [60, 75]
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007560159d 2 bytes [60, 75]
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756015b5 2 bytes [60, 75]
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756015cd 2 bytes [60, 75]
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756016b2 2 bytes [60, 75]
    .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756016bd 2 bytes [60, 75]
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 000000010026075c
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001002603a4
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 0000000100260b14
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 0000000100260ecc
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 000000010026163c
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 0000000100261284
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Windows\system32\dmwu.exe[2448] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3080] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c4a30a 1 byte [62]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007720faa0 5 bytes JMP 00000001001b0600
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007720fb38 5 bytes JMP 00000001001b0804
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007720fc90 5 bytes JMP 00000001001b0c0c
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077210018 5 bytes JMP 00000001001b0a08
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007722c45a 5 bytes JMP 00000001001b01f8
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077231217 5 bytes JMP 00000001001b03fc
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c4a30a 1 byte [62]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074fbee09 5 bytes JMP 00000001002401f8
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074fc3982 5 bytes JMP 00000001002403fc
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074fc7603 5 bytes JMP 0000000100240804
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074fc835c 5 bytes JMP 0000000100240600
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074fdcfca 5 bytes JMP 0000000174904770
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074fdf52b 5 bytes JMP 0000000100240a08
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 00000001002d1014
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 00000001002d0804
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 00000001002d0a08
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 00000001002d0c0c
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 00000001002d0e10
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001002d01f8
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001002d03fc
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 00000001002d0600
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000721a17fa 2 bytes [1A, 72]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 00000000721a1860 2 bytes [1A, 72]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 00000000721a1942 2 bytes [1A, 72]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 00000000721a194d 2 bytes [1A, 72]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075601401 2 bytes [60, 75]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075601419 2 bytes [60, 75]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075601431 2 bytes [60, 75]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007560144a 2 bytes [60, 75]
    .text ... * 9
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756014dd 2 bytes [60, 75]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756014f5 2 bytes [60, 75]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007560150d 2 bytes [60, 75]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075601525 2 bytes [60, 75]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007560153d 2 bytes [60, 75]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075601555 2 bytes [60, 75]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007560156d 2 bytes [60, 75]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075601585 2 bytes [60, 75]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007560159d 2 bytes [60, 75]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756015b5 2 bytes [60, 75]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756015cd 2 bytes [60, 75]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756016b2 2 bytes [60, 75]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756016bd 2 bytes [60, 75]
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 00000001001a075c
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001001a03a4
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 00000001001a0b14
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 00000001001a0ecc
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 00000001001a163c
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 00000001001a1284
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
     
  7. bjay100

    bjay100 Thread Starter

    Joined:
    Jan 28, 2010
    Messages:
    20
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Windows\system32\svchost.exe[3204] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007720faa0 5 bytes JMP 00000001001c0600
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007720fb38 5 bytes JMP 00000001001c0804
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007720fc90 5 bytes JMP 00000001001c0c0c
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077210018 5 bytes JMP 00000001001c0a08
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007722c45a 5 bytes JMP 00000001001c01f8
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077231217 5 bytes JMP 00000001001c03fc
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c4a30a 1 byte [62]
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 0000000100241014
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 0000000100240804
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 0000000100240a08
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 0000000100240c0c
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 0000000100240e10
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001002401f8
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001002403fc
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 0000000100240600
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074fbee09 5 bytes JMP 00000001002501f8
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074fc3982 5 bytes JMP 00000001002503fc
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074fc7603 5 bytes JMP 0000000100250804
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074fc835c 5 bytes JMP 0000000100250600
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074fdcfca 5 bytes JMP 0000000174904770
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074fdf52b 5 bytes JMP 0000000100250a08
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075601401 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075601419 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075601431 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007560144a 2 bytes [60, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756014dd 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756014f5 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007560150d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075601525 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007560153d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075601555 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007560156d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075601585 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007560159d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756015b5 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756015cd 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756016b2 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756016bd 2 bytes [60, 75]
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007720faa0 5 bytes JMP 00000001001c0600
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007720fb38 5 bytes JMP 00000001001c0804
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007720fc90 5 bytes JMP 00000001001c0c0c
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077210018 5 bytes JMP 00000001001c0a08
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007722c45a 5 bytes JMP 00000001001c01f8
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077231217 5 bytes JMP 00000001001c03fc
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c4a30a 1 byte [62]
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074fbee09 5 bytes JMP 00000001002601f8
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074fc3982 5 bytes JMP 00000001002603fc
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074fc7603 5 bytes JMP 0000000100260804
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074fc835c 5 bytes JMP 0000000100260600
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074fdcfca 5 bytes JMP 0000000174904770
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074fdf52b 5 bytes JMP 0000000100260a08
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 0000000100271014
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 0000000100270804
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 0000000100270a08
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 0000000100270c0c
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 0000000100270e10
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001002701f8
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001002703fc
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 0000000100270600
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075601401 2 bytes [60, 75]
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075601419 2 bytes [60, 75]
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075601431 2 bytes [60, 75]
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007560144a 2 bytes [60, 75]
    .text ... * 9
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756014dd 2 bytes [60, 75]
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756014f5 2 bytes [60, 75]
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007560150d 2 bytes [60, 75]
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075601525 2 bytes [60, 75]
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007560153d 2 bytes [60, 75]
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075601555 2 bytes [60, 75]
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007560156d 2 bytes [60, 75]
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075601585 2 bytes [60, 75]
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007560159d 2 bytes [60, 75]
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756015b5 2 bytes [60, 75]
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756015cd 2 bytes [60, 75]
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756016b2 2 bytes [60, 75]
    .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756016bd 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007720faa0 5 bytes JMP 00000001001c0600
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007720fb38 5 bytes JMP 00000001001c0804
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007720fc90 5 bytes JMP 00000001001c0c0c
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077210018 5 bytes JMP 00000001001c0a08
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007722c45a 5 bytes JMP 00000001001c01f8
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077231217 5 bytes JMP 00000001001c03fc
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c4a30a 1 byte [62]
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 0000000100251014
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 0000000100250804
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 0000000100250a08
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 0000000100250c0c
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 0000000100250e10
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001002501f8
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001002503fc
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 0000000100250600
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074fbee09 5 bytes JMP 00000001002601f8
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074fc3982 5 bytes JMP 00000001002603fc
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074fc7603 5 bytes JMP 0000000100260804
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074fc835c 5 bytes JMP 0000000100260600
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074fdcfca 5 bytes JMP 0000000174904770
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074fdf52b 5 bytes JMP 0000000100260a08
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075601401 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075601419 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075601431 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007560144a 2 bytes [60, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756014dd 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756014f5 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007560150d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075601525 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007560153d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075601555 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007560156d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075601585 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007560159d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756015b5 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756015cd 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756016b2 2 bytes [60, 75]
    .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756016bd 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007720faa0 5 bytes JMP 00000001001c0600
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007720fb38 5 bytes JMP 00000001001c0804
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007720fc90 5 bytes JMP 00000001001c0c0c
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077210018 5 bytes JMP 00000001001c0a08
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007722c45a 5 bytes JMP 00000001001c01f8
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077231217 5 bytes JMP 00000001001c03fc
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c4a30a 1 byte [62]
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 0000000100241014
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 0000000100240804
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 0000000100240a08
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 0000000100240c0c
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 0000000100240e10
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001002401f8
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001002403fc
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 0000000100240600
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074fbee09 5 bytes JMP 00000001002501f8
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074fc3982 5 bytes JMP 00000001002503fc
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074fc7603 5 bytes JMP 0000000100250804
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074fc835c 5 bytes JMP 0000000100250600
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074fdcfca 5 bytes JMP 0000000174904770
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074fdf52b 5 bytes JMP 0000000100250a08
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075601401 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075601419 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075601431 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007560144a 2 bytes [60, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756014dd 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756014f5 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007560150d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075601525 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007560153d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075601555 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007560156d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075601585 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007560159d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756015b5 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756015cd 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756016b2 2 bytes [60, 75]
    .text C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe[3340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756016bd 2 bytes [60, 75]
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3404] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007720faa0 5 bytes JMP 00000001001c0600
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3404] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007720fb38 5 bytes JMP 00000001001c0804
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3404] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007720fc90 5 bytes JMP 00000001001c0c0c
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3404] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077210018 5 bytes JMP 00000001001c0a08
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3404] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007722c45a 5 bytes JMP 00000001001c01f8
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3404] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077231217 5 bytes JMP 00000001001c03fc
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3404] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c4a30a 1 byte [62]
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3404] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 0000000100251014
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3404] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 0000000100250804
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3404] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 0000000100250a08
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3404] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 0000000100250c0c
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3404] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 0000000100250e10
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3404] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001002501f8
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3404] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001002503fc
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3404] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 0000000100250600
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3404] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074fbee09 5 bytes JMP 00000001002601f8
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3404] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074fc3982 5 bytes JMP 00000001002603fc
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3404] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074fc7603 5 bytes JMP 0000000100260804
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3404] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074fc835c 5 bytes JMP 0000000100260600
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3404] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074fdcfca 5 bytes JMP 0000000174904770
    .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[3404] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074fdf52b 5 bytes JMP 0000000100260a08
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007720faa0 5 bytes JMP 0000000100080600
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007720fb38 5 bytes JMP 0000000100080804
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007720fc90 5 bytes JMP 0000000100080c0c
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077210018 5 bytes JMP 0000000100080a08
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007722c45a 5 bytes JMP 00000001000801f8
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077231217 5 bytes JMP 00000001000803fc
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c4a30a 1 byte [62]
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074fbee09 5 bytes JMP 00000001001901f8
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074fc3982 5 bytes JMP 00000001001903fc
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074fc7603 5 bytes JMP 0000000100190804
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074fc835c 5 bytes JMP 0000000100190600
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074fdcfca 5 bytes JMP 0000000174904770
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074fdf52b 5 bytes JMP 0000000100190a08
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 00000001001b1014
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 00000001001b0804
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 00000001001b0a08
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 00000001001b0c0c
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 00000001001b0e10
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001001b01f8
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001001b03fc
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 00000001001b0600
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075601401 2 bytes [60, 75]
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075601419 2 bytes [60, 75]
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075601431 2 bytes [60, 75]
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007560144a 2 bytes [60, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756014dd 2 bytes [60, 75]
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756014f5 2 bytes [60, 75]
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007560150d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075601525 2 bytes [60, 75]
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007560153d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075601555 2 bytes [60, 75]
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007560156d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075601585 2 bytes [60, 75]
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007560159d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756015b5 2 bytes [60, 75]
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756015cd 2 bytes [60, 75]
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756016b2 2 bytes [60, 75]
    .text C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756016bd 2 bytes [60, 75]
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007720faa0 5 bytes JMP 00000001001c0600
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007720fb38 5 bytes JMP 00000001001c0804
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007720fc90 5 bytes JMP 00000001001c0c0c
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077210018 5 bytes JMP 00000001001c0a08
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007722c45a 5 bytes JMP 00000001001c01f8
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077231217 5 bytes JMP 00000001001c03fc
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c4a30a 1 byte [62]
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 0000000100251014
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 0000000100250804
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 0000000100250a08
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 0000000100250c0c
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 0000000100250e10
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001002501f8
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001002503fc
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 0000000100250600
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074fbee09 5 bytes JMP 00000001002601f8
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074fc3982 5 bytes JMP 00000001002603fc
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074fc7603 5 bytes JMP 0000000100260804
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074fc835c 5 bytes JMP 0000000100260600
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074fdcfca 5 bytes JMP 0000000174904770
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074fdf52b 5 bytes JMP 0000000100260a08
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075601401 2 bytes [60, 75]
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075601419 2 bytes [60, 75]
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075601431 2 bytes [60, 75]
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007560144a 2 bytes [60, 75]
    .text ... * 9
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756014dd 2 bytes [60, 75]
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756014f5 2 bytes [60, 75]
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007560150d 2 bytes [60, 75]
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075601525 2 bytes [60, 75]
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007560153d 2 bytes [60, 75]
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075601555 2 bytes [60, 75]
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007560156d 2 bytes [60, 75]
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075601585 2 bytes [60, 75]
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007560159d 2 bytes [60, 75]
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756015b5 2 bytes [60, 75]
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756015cd 2 bytes [60, 75]
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756016b2 2 bytes [60, 75]
    .text C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe[3480] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756016bd 2 bytes [60, 75]
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 000000010043075c
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001004303a4
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 0000000100430b14
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 0000000100430ecc
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 000000010043163c
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 0000000100431284
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Program Files\UltraVNC\WinVNC.exe[3532] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 4 bytes JMP 000000007fff075c
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 000000007fff03a4
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 000000007fff0b14
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 000000007fff0ecc
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 000000007fff163c
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 000000007fff1284
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 00000001004d075c
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001004d03a4
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 00000001004d0b14
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 00000001004d0ecc
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 00000001004d163c
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 00000001004d1284
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Program Files\UltraVNC\WinVNC.exe[3832] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 00000001002e075c
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001002e03a4
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 00000001002e0b14
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 00000001002e0ecc
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 00000001002e163c
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 00000001002e1284
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Windows\system32\wbem\wmiprvse.exe[2500] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007720faa0 5 bytes JMP 0000000100080600
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007720fb38 5 bytes JMP 0000000100080804
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007720fc90 5 bytes JMP 0000000100080c0c
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077210018 5 bytes JMP 0000000100080a08
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007722c45a 5 bytes JMP 00000001000801f8
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077231217 5 bytes JMP 00000001000803fc
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c4a30a 1 byte [62]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074fbee09 5 bytes JMP 00000001001101f8
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074fc3982 5 bytes JMP 00000001001103fc
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074fc7603 5 bytes JMP 0000000100110804
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074fc835c 5 bytes JMP 0000000100110600
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074fdcfca 5 bytes JMP 0000000174904770
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074fdf52b 5 bytes JMP 0000000100110a08
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 0000000100121014
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 0000000100120804
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 0000000100120a08
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 0000000100120c0c
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 0000000100120e10
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001001201f8
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001001203fc
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 0000000100120600
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075601401 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075601419 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075601431 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007560144a 2 bytes [60, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756014dd 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756014f5 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007560150d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075601525 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007560153d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075601555 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007560156d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075601585 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007560159d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756015b5 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756015cd 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756016b2 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756016bd 2 bytes [60, 75]
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 000000010022075c
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001002203a4
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 0000000100220b14
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 0000000100220ecc
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 000000010022163c
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 0000000100221284
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3824] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Windows\system32\wbem\unsecapp.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 000000010020075c
    .text C:\Windows\system32\wbem\unsecapp.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001002003a4
    .text C:\Windows\system32\wbem\unsecapp.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 0000000100200b14
    .text C:\Windows\system32\wbem\unsecapp.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 0000000100200ecc
    .text C:\Windows\system32\wbem\unsecapp.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 000000010020163c
    .text C:\Windows\system32\wbem\unsecapp.exe[3316] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 0000000100201284
    .text C:\Windows\system32\wbem\unsecapp.exe[3316] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Windows\system32\wbem\unsecapp.exe[3316] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Windows\system32\wbem\unsecapp.exe[3316] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Windows\system32\wbem\unsecapp.exe[3316] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Windows\system32\wbem\unsecapp.exe[3316] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Windows\system32\wbem\unsecapp.exe[3316] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Windows\system32\wbem\unsecapp.exe[3316] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Windows\system32\wbem\unsecapp.exe[3316] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Windows\system32\wbem\unsecapp.exe[3316] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3752] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000075c4a30a 1 byte [62]
    .text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3752] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074fdcfca 5 bytes JMP 0000000174904770
    .text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075601401 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3752] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075601419 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075601431 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007560144a 2 bytes [60, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3752] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756014dd 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756014f5 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007560150d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075601525 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007560153d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3752] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075601555 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007560156d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075601585 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007560159d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756015b5 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756015cd 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756016b2 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\Sendori.Service.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756016bd 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007720faa0 5 bytes JMP 0000000100080600
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007720fb38 5 bytes JMP 0000000100080804
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007720fc90 5 bytes JMP 0000000100080c0c
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077210018 5 bytes JMP 0000000100080a08
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007722c45a 5 bytes JMP 00000001000801f8
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077231217 5 bytes JMP 00000001000803fc
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c4a30a 1 byte [62]
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074fbee09 5 bytes JMP 00000001001101f8
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074fc3982 5 bytes JMP 00000001001103fc
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074fc7603 5 bytes JMP 0000000100110804
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074fc835c 5 bytes JMP 0000000100110600
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074fdcfca 5 bytes JMP 0000000174904770
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074fdf52b 5 bytes JMP 0000000100110a08
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 0000000100131014
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 0000000100130804
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 0000000100130a08
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 0000000100130c0c
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 0000000100130e10
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001001301f8
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001001303fc
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 0000000100130600
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075601401 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075601419 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075601431 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007560144a 2 bytes [60, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756014dd 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756014f5 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007560150d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075601525 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007560153d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075601555 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007560156d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075601585 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007560159d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756015b5 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756015cd 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756016b2 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\SendoriUp.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756016bd 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007720faa0 5 bytes JMP 00000001001b0600
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007720fb38 5 bytes JMP 00000001001b0804
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007720fc90 5 bytes JMP 00000001001b0c0c
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077210018 5 bytes JMP 00000001001b0a08
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007722c45a 5 bytes JMP 00000001001b01f8
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077231217 5 bytes JMP 00000001001b03fc
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c4a30a 1 byte [62]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075601401 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075601419 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075601431 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007560144a 2 bytes [60, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756014dd 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756014f5 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007560150d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075601525 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007560153d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075601555 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007560156d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075601585 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007560159d 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756015b5 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756015cd 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756016b2 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756016bd 2 bytes [60, 75]
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 0000000100241014
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 0000000100240804
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 0000000100240a08
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 0000000100240c0c
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 0000000100240e10
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001002401f8
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001002403fc
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 0000000100240600
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074fbee09 5 bytes JMP 00000001002501f8
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074fc3982 5 bytes JMP 00000001002503fc
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074fc7603 5 bytes JMP 0000000100250804
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074fc835c 5 bytes JMP 0000000100250600
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074fdcfca 5 bytes JMP 0000000174904770
    .text C:\Program Files (x86)\Sendori\sndappv2.exe[4400] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074fdf52b 5 bytes JMP 0000000100250a08
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 000000010019075c
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001001903a4
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 0000000100190b14
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 0000000100190ecc
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 000000010019163c
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 0000000100191284
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4124] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 000000010027075c
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001002703a4
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 0000000100080390
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 0000000100080380
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 0000000100270b14
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 0000000100270ecc
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000001000803a0
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 000000010027163c
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 0000000100080320
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000001000802e0
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000001000802d0
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 0000000100080310
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 0000000100271284
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 0000000100080230
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0xffffffff8901e890}
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000001000803b0
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 0000000100080370
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000001000802f0
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 0000000100080350
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 0000000100080290
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000001000802b0
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 0000000100080330
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0xffffffff8901e590}
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 0000000100080240
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000001000801e0
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 0000000100080250
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0xffffffff8901e090}
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000001000803c0
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000001000803d0
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 0000000100080300
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 0000000100080360
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000001000802a0
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000001000802c0
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 0000000100080340
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 0000000100080260
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 0000000100080270
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000001000801f0
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 0000000100080210
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 0000000100080200
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 0000000100080220
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 0000000100080280
    .text C:\Windows\system32\taskeng.exe[2264] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 000000010017075c
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001001703a4
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 0000000100170b14
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 0000000100170ecc
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 000000010017163c
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 0000000100171284
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Windows\system32\SearchIndexer.exe[4424] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077033ae0 5 bytes JMP 000000010032075c
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077037a90 5 bytes JMP 00000001003203a4
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770613c0 5 bytes JMP 00000000771c0390
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077061410 5 bytes JMP 00000000771c0380
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077061490 5 bytes JMP 0000000100320b14
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770614f0 5 bytes JMP 0000000100320ecc
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770615c0 5 bytes JMP 00000000771c03a0
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770615d0 5 bytes JMP 000000010032163c
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077061680 5 bytes JMP 00000000771c0320
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077061710 5 bytes JMP 00000000771c02e0
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077061790 5 bytes JMP 00000000771c02d0
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770617b0 5 bytes JMP 00000000771c0310
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077061810 5 bytes JMP 0000000100321284
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770619a0 1 byte JMP 00000000771c0230
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770619a2 3 bytes {JMP 0x15e890}
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077061b60 5 bytes JMP 00000000771c03b0
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077061b90 5 bytes JMP 00000000771c0370
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077061c70 5 bytes JMP 00000000771c02f0
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077061c80 5 bytes JMP 00000000771c0350
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077061ce0 5 bytes JMP 00000000771c0290
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077061d70 5 bytes JMP 00000000771c02b0
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077061da0 1 byte JMP 00000000771c0330
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077061da2 3 bytes {JMP 0x15e590}
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077061e40 5 bytes JMP 00000000771c0240
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077062100 5 bytes JMP 00000000771c01e0
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770621c0 1 byte JMP 00000000771c0250
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770621c2 3 bytes {JMP 0x15e090}
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770621f0 5 bytes JMP 00000000771c03c0
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077062200 5 bytes JMP 00000000771c03d0
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077062230 5 bytes JMP 00000000771c0300
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077062240 5 bytes JMP 00000000771c0360
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770622a0 5 bytes JMP 00000000771c02a0
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770622f0 5 bytes JMP 00000000771c02c0
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077062330 5 bytes JMP 00000000771c0340
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077062820 5 bytes JMP 00000000771c0260
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077062830 5 bytes JMP 00000000771c0270
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077062a00 5 bytes JMP 00000000771c01f0
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077062a10 5 bytes JMP 00000000771c0210
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077062a80 5 bytes JMP 00000000771c0200
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077062b00 5 bytes JMP 00000000771c0220
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077062be0 5 bytes JMP 00000000771c0280
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e4eecd 1 byte [62]
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd696e00 5 bytes JMP 000007ff7d6b1dac
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd696f2c 5 bytes JMP 000007ff7d6b0ecc
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd697220 5 bytes JMP 000007ff7d6b1284
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd69739c 5 bytes JMP 000007ff7d6b163c
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd697538 5 bytes JMP 000007ff7d6b19f4
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd6975e8 5 bytes JMP 000007ff7d6b03a4
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd69790c 5 bytes JMP 000007ff7d6b075c
    .text C:\Windows\system32\svchost.exe[2916] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd697ab4 5 bytes JMP 000007ff7d6b0b14
    .text C:\Users\keith\Downloads\Cleanup\ugh13wlv.exe[6104] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007720faa0 5 bytes JMP 00000001001c0600
    .text C:\Users\keith\Downloads\Cleanup\ugh13wlv.exe[6104] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007720fb38 5 bytes JMP 00000001001c0804
    .text C:\Users\keith\Downloads\Cleanup\ugh13wlv.exe[6104] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007720fc90 5 bytes JMP 00000001001c0c0c
    .text C:\Users\keith\Downloads\Cleanup\ugh13wlv.exe[6104] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077210018 5 bytes JMP 00000001001c0a08
    .text C:\Users\keith\Downloads\Cleanup\ugh13wlv.exe[6104] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007722c45a 5 bytes JMP 00000001001c01f8
    .text C:\Users\keith\Downloads\Cleanup\ugh13wlv.exe[6104] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077231217 5 bytes JMP 00000001001c03fc
    .text C:\Users\keith\Downloads\Cleanup\ugh13wlv.exe[6104] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c4a30a 1 byte [62]
    .text C:\Users\keith\Downloads\Cleanup\ugh13wlv.exe[6104] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074fbee09 5 bytes JMP 00000001002001f8
    .text C:\Users\keith\Downloads\Cleanup\ugh13wlv.exe[6104] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074fc3982 5 bytes JMP 00000001002003fc
    .text C:\Users\keith\Downloads\Cleanup\ugh13wlv.exe[6104] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074fc7603 5 bytes JMP 0000000100200804
    .text C:\Users\keith\Downloads\Cleanup\ugh13wlv.exe[6104] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074fc835c 5 bytes JMP 0000000100200600
    .text C:\Users\keith\Downloads\Cleanup\ugh13wlv.exe[6104] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074fdcfca 5 bytes JMP 0000000174904770
    .text C:\Users\keith\Downloads\Cleanup\ugh13wlv.exe[6104] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074fdf52b 5 bytes JMP 0000000100200a08
    .text C:\Users\keith\Downloads\Cleanup\ugh13wlv.exe[6104] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075601401 2 bytes [60, 75]
    .text C:\Users\keith\Downloads\Cleanup\ugh13wlv.exe[6104] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075601419 2 bytes [60, 75]
    .text C:\Users\keith\Downloads\Cleanup\ugh13wlv.exe[6104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075601431 2 bytes [60, 75]
    .text C:\Users\keith\Downloads\Cleanup\ugh13wlv.exe[6104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007560144a 2 bytes [60, 75]
    .text ... * 9
    .text C:\Users\keith\Downloads\Cleanup\ugh13wlv.exe[6104] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756014dd 2 bytes [60, 75]
    .text C:\Users\keith\Downloads\Cleanup\ugh13wlv.exe[6104] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756014f5 2 bytes [60, 75]
    .text C:\Users\keith\Downloads\Cleanup\ugh13wlv.exe[6104] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007560150d 2 bytes [60, 75]
    .text C:\Users\keith\Downloads\Cleanup\ugh13wlv.exe[6104] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075601525 2 bytes [60, 75]
    .text C:\Users\keith\Downloads\Cleanup\ugh13wlv.exe[6104] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007560153d 2 bytes [60, 75]
    .text C:\Users\keith\Downloads\Cleanup\ugh13wlv.exe[6104] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075601555 2 bytes [60, 75]
    .text C:\Users\keith\Downloads\Cleanup\ugh13wlv.exe[6104] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007560156d 2 bytes [60, 75]
    .text C:\Users\keith\Downloads\Cleanup\ugh13wlv.exe[6104] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075601585 2 bytes [60, 75]
    .text C:\Users\keith\Downloads\Cleanup\ugh13wlv.exe[6104] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007560159d 2 bytes [60, 75]
    .text C:\Users\keith\Downloads\Cleanup\ugh13wlv.exe[6104] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756015b5 2 bytes [60, 75]
    .text C:\Users\keith\Downloads\Cleanup\ugh13wlv.exe[6104] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756015cd 2 bytes [60, 75]
    .text C:\Users\keith\Downloads\Cleanup\ugh13wlv.exe[6104] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756016b2 2 bytes [60, 75]
    .text C:\Users\keith\Downloads\Cleanup\ugh13wlv.exe[6104] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756016bd 2 bytes [60, 75]

    ---- User IAT/EAT - GMER 2.0 ----

    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmGetSession] [7fef7011c00] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmStartSession] [7fef7016544] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmEndSession] [7fef7015e30] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmSetAppVersion] [7fef7017064] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmSetAppId] [7fef7012750] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmSetMachineId] [7fef7012b98] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmSetUserId] [7fef7012c90] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmReadSharedMachineId] [7fef7011908] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmReadSharedUserId] [7fef70122c8] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmWriteSharedMachineId] [7fef7017de0] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmWriteSharedUserId] [7fef7017fcc] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmCreateNewId] [7fef7018130] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmStartUpload] [7fef70181d8] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmAddToStreamString] [7fef7017a5c] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmSetBool] [7fef7016830] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmSet] [7fef7012878] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmAddToStreamDWord] [7fef70177bc] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmIncrement] [7fef7016c48] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[sqmapi.dll!SqmWaitForUploadComplete] [7fef70186fc] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ c:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmSetMachineId] [7fef7012b98] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ c:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmIncrement] [7fef7016c48] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ c:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmGetSession] [7fef7011c00] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ c:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmStartSession] [7fef7016544] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ c:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmEndSession] [7fef7015e30] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ c:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmSetAppVersion] [7fef7017064] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ c:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmSetUserId] [7fef7012c90] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ c:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmReadSharedMachineId] [7fef7011908] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ c:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmReadSharedUserId] [7fef70122c8] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ c:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmWriteSharedMachineId] [7fef7017de0] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ c:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmWriteSharedUserId] [7fef7017fcc] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ c:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmCreateNewId] [7fef7018130] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ c:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmStartUpload] [7fef70181d8] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2196] @ c:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll[sqmapi.dll!SqmSetAppId] [7fef7012750] C:\Program Files\Microsoft Mouse and Keyboard Center\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef4df741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef4df5f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef4df5674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef4df5e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef4df7f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef4df6a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef4df6ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef4df7b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef4df7ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef4df78b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef4df4fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef4df5d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
    IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3608] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef4df7584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

    ---- Threads - GMER 2.0 ----

    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1468] 0000000077242e25
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1472] 00000000722d345e
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1484] 0000000076ce7587
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1628] 0000000072704f60
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1632] 0000000072704880
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1648] 00000000726fb200
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1652] 00000000726fb200
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1656] 00000000726fb200
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1660] 00000000726fc000
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1664] 00000000726fba60
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1668] 0000000072714bc0
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1672] 00000000727139a0
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1676] 0000000072713d70
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1680] 00000000726fd0a0
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1684] 00000000726fd0a0
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1688] 00000000726fd0a0
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1692] 0000000071b812f0
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1696] 0000000071b82950
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1700] 0000000071b82950
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1704] 0000000071b51070
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1708] 00000000722d345e
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1712] 00000000722d345e
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1716] 0000000071b012f0
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1720] 0000000071ae1000
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1724] 0000000072705aa0
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1728] 00000000726fcc20
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1732] 00000000722d345e
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1736] 0000000072804ec0
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1740] 0000000071b516a0
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1856] 0000000071a06110
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1860] 000000001000bd50
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1864] 000000001000bd50
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1872] 0000000071ae1280
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1892] 00000000720127d0
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1896] 00000000722d345e
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1912] 0000000072016ac0
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1916] 000000007201eb80
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1920] 0000000072021bd0
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1924] 00000000720175f0
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1932] 0000000072019270
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1936] 0000000072019270
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1940] 00000000716f1650
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1944] 00000000716f1820
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1948] 000000007201c920
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1416] 00000000722d345e
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1880] 00000000719562ee
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1084] 00000000722d32ce
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1584] 00000000722d32ce
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1112] 00000000722d32ce
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1120] 00000000722d32ce
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1616] 00000000722d32ce
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1612] 00000000722d32ce
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1908] 00000000722d32ce
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1596] 00000000722d32ce
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1600] 00000000722d32ce
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1604] 00000000722d32ce
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1608] 00000000722d32ce
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:1876] 0000000077243e45
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:2008] 00000000722d345e
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:4184] 00000000722d345e
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:3152] 0000000077243e45
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:5048] 00000000722d32ce
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:6328] 0000000077243e45
    Thread C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [1452:5304] 0000000077243e45
    Thread C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2188:2920] 000007fef7323e0c
    Thread C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2188:3032] 000007fef7323e0c
    Thread C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2188:2472] 000007fef5bbc508
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:2772] 000000001000bd50
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:2776] 000000001000bd50
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:2796] 0000000010027960
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:2800] 0000000076a220f2
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:2848] 0000000010027960
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:2856] 0000000077242e25
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:2872] 0000000076bad864
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:3620] 00000000719562ee
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:3948] 00000000301a81ce
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:3952] 00000000301a81ce
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:4020] 00000000301a81ce
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:4024] 00000000301a81ce
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:4028] 00000000301a81ce
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:780] 000000006e7a0510
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:852] 000000006cfda510
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:548] 000000006d7e28ad
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:1548] 0000000077243e45
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:1560] 000000006cfda510
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:3524] 000000006cfda510
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:3044] 000000006cfda510
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:5556] 000000006e7a0510
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:5616] 000000006e7a0510
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:5624] 000000006f5f1020
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:5628] 000000006e7a0510
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:5632] 00000000380b5990
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:5872] 000000006e7a0510
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:5896] 000000006e7a0510
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:5948] 00000000301a81ce
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:6124] 00000000301a81ce
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:6128] 00000000301a81ce
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:6132] 00000000301a81ce
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:6136] 00000000301a81ce
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:6140] 00000000301a81ce
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:5140] 00000000301a81ce
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:3356] 00000000301a81ce
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:5272] 00000000301a81ce
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:3872] 00000000301a81ce
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:1100] 00000000301a81ce
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:5716] 000000006e7a0510
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:5712] 000000006e7a0510
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:5936] 00000000301a81ce
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:884] 00000000301a81ce
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:2988] 00000000301a81ce
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:3604] 00000000301a81ce
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:3224] 000000006f99b420
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:1144] 000000006e7a0510
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:2060] 0000000077243e45
    Thread C:\Program Files (x86)\Steam\Steam.exe [2232:6992] 0000000077243e45
    Thread C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3080:3444] 0000000073511390
    Thread C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3080:3448] 000000007270d800
    Thread C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3080:5356] 000000007135a3e0
    Thread C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3080:5656] 00000000747032fb
    Thread C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3080:2972] 0000000076bad864
    Thread C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3080:3016] 000000001000bd50
    Thread C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3080:5476] 000000001000bd50
    Thread C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3080:5552] 0000000010027960
    Thread C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3080:5496] 0000000010027960
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6660] 0000000066fa6314
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6680] 0000000066fa539b
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6684] 0000000071ecc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6688] 0000000071ecc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6692] 000000001000bd50
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6696] 000000001000bd50
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6704] 0000000010027960
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6708] 0000000076a220f2
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6716] 0000000071ecc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6720] 0000000010027960
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6724] 0000000077242e25
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6728] 0000000076bad864
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6732] 0000000071ecc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6736] 0000000071ecc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6744] 0000000071ecc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6748] 0000000071ecc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6752] 0000000071ecc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6756] 0000000071ecc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6764] 0000000071ecc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6768] 000000006f5b27e1
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6776] 0000000071ecc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6860] 0000000071ecc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6864] 00000000747032fb
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6868] 0000000071ecc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6892] 0000000071ecc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6896] 0000000071ecc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6900] 0000000071ecc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6912] 0000000071ecc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6964] 0000000071ecc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:7088] 0000000071ecc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:7092] 0000000071ecc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:7140] 0000000071ecc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:4420] 0000000071ecc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:1312] 0000000077243e45
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:4968] 0000000071ecc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:1224] 0000000071ecc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:4836] 0000000071ecc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6216] 000000007535e44f
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:4712] 00000000713527c1
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:940] 0000000071ecc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:5168] 0000000071ecc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:1888] 0000000071ecc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6844] 0000000071ecc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6976] 0000000071ecc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:6924] 0000000077243e45
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6640:1052] 0000000077243e45
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6700:6760] 0000000066fa539b
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6700:6792] 000000006f5b27e1
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6700:6808] 0000000064f7a839
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6700:6812] 0000000064f7a839
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6700:6856] 0000000064f7a839
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6700:1260] 0000000064f7a839
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6700:6520] 0000000064f7a839
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6700:4288] 0000000064f7a839
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6700:3216] 0000000064f7a839
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6700:2380] 0000000064f7a839
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6700:5420] 0000000064f7a839
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6700:5828] 0000000064f7a839
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6700:5852] 0000000064f7a839
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6700:6872] 0000000064f7a839
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6700:3012] 0000000064f7a839
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6700:5172] 0000000064f7a839
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6700:3360] 0000000077243e45
    ---- Processes - GMER 2.0 ----

    Library ? (*** suspicious ***) @ C:\Users\keith\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe [1580] 0000000071bc0000
    Library ? (*** suspicious ***) @ C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3080] 0000000071f30000

    ---- EOF - GMER 2.0 ----
     
  8. bjay100

    bjay100 Thread Starter

    Joined:
    Jan 28, 2010
    Messages:
    20
    Bump. :)
     
  9. bjay100

    bjay100 Thread Starter

    Joined:
    Jan 28, 2010
    Messages:
    20
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1086804

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice