PUP.215 apps Infection

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.
D

DrewCoop101

Thread Starter
Joined
Dec 9, 2008
Messages
3
So a little while ago my computer started running slow, and I discovered the CPU usage was at a constant 100%, so I scanned with Malwarebytes and it quarantined a couple of PUP.215 apps files. My computer's CPU is still at 100%.

Here are my logs

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:41:53 PM, on 1/31/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\PQLabs\MultiTouchPlatform\MultiTouchPlatform.exe
C:\Program Files (x86)\PQLabs\MultiTouchPlatform\MultiTouchPlatformHelper.exe
C:\Program Files\Thesycon\TUSBAudio_Driver\TUSBAudioCpl.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.EXE
C:\Users\Andy Darko\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\Andy Darko\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
R3 - URLSearchHook: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [EKStatusMonitor] C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.EXE
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
O4 - HKCU\..\Run: [MultiTouch Platform] "C:\Program Files (x86)\PQLabs\MultiTouchPlatform\MultiTouchPlatform.exe" /s
O4 - HKCU\..\Run: [Google Update] "C:\Users\Andy Darko\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Andy Darko\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\Andy Darko\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user')
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O4 - Global Startup: TUSBAudio Control Panel Autostart.lnk = C:\Program Files\Thesycon\TUSBAudio_Driver\TUSBAudioCpl.exe
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andy Darko\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: Kodak AiO Status Monitor Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE
O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15554 bytes
 
D

DrewCoop101

Thread Starter
Joined
Dec 9, 2008
Messages
3
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_33
Run by Andy Darko at 22:52:16 on 2013-01-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2667.1214 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Windows\SysWOW64\svchost.exe -k pqlabs
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\PQLabs\MultiTouchPlatform\MultiTouchPlatform.exe
C:\Program Files (x86)\PQLabs\MultiTouchPlatform\MultiTouchPlatformHelper.exe
C:\Program Files\Thesycon\TUSBAudio_Driver\TUSBAudioCpl.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.EXE
C:\Users\Andy Darko\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>
uURLSearchHooks: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [MultiTouch Platform] "C:\Program Files (x86)\PQLabs\MultiTouchPlatform\MultiTouchPlatform.exe" /s
uRun: [Google Update] "C:\Users\Andy Darko\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
uRun: [Spotify Web Helper] "C:\Users\Andy Darko\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Spotify] "C:\Users\Andy Darko\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [EKStatusMonitor] C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.EXE
mRun: [Conime] C:\Windows\System32\conime.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TUSBAU~1.LNK - C:\Program Files\Thesycon\TUSBAudio_Driver\TUSBAudioCpl.exe
uPolicies-Explorer: NoWinKeys = dword:1
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Free YouTube to MP3 Converter - C:\Users\Andy Darko\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{3AEC15CE-B739-46EB-9E19-16DA3E498925} : DHCPNameServer = 44.0.0.253 44.0.0.3 44.0.0.4 4.2.2.1
TCP: Interfaces\{57168624-0ECF-484A-84BF-548538A41DB5} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{57168624-0ECF-484A-84BF-548538A41DB5}\27374623D23747574656E647D216C647 : DHCPNameServer = 10.11.25.37 10.11.25.39
TCP: Interfaces\{57168624-0ECF-484A-84BF-548538A41DB5}\27374623D27657563747D216C647 : DHCPNameServer = 10.11.25.37 10.11.25.39
TCP: Interfaces\{57168624-0ECF-484A-84BF-548538A41DB5}\34F657274797162746D27457563747 : DHCPNameServer = 12.127.17.71 12.127.17.72
TCP: Interfaces\{57168624-0ECF-484A-84BF-548538A41DB5}\4414E49454C43584F455355413D27657563747 : DHCPNameServer = 192.168.3.1
TCP: Interfaces\{57168624-0ECF-484A-84BF-548538A41DB5}\451424C454D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{57168624-0ECF-484A-84BF-548538A41DB5}\C696E6B6379737 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{57168624-0ECF-484A-84BF-548538A41DB5}\E49555D225F414D433 : DHCPNameServer = 128.122.253.24 128.122.253.46
TCP: Interfaces\{F5DA52F1-9C19-40F7-A6C0-C0781FC44741} : DHCPNameServer = 44.0.0.253 44.0.0.3 44.0.0.4 4.2.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2010-11-11 77952]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2010-11-11 37504]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-11-19 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-11-19 370288]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-10-19 283200]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-11-19 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-11-19 71600]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-5-23 46136]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2011-2-9 31088]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-8-4 24176]
R3 mlkumidi;MusicLab Virtual Miniport MIDI Driver;C:\Windows\System32\drivers\mlkumidi.sys [2012-8-29 57408]
.
=============== Created Last 30 ================
.
2013-01-31 09:14:56 -------- d-----w- C:\Users\Andy Darko\AppData\Local\Spotify
2013-01-31 09:14:17 -------- d-----w- C:\Users\Andy Darko\AppData\Roaming\Spotify
2013-01-29 12:27:53 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9801729B-774E-48A9-B236-D8F050A5B9E4}\offreg.dll
2013-01-29 12:23:49 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9801729B-774E-48A9-B236-D8F050A5B9E4}\mpengine.dll
2013-01-28 10:21:15 0 ----a-w- C:\Windows\SysWow64\shoF623.tmp
2013-01-25 17:38:28 -------- d-----w- C:\DVD
2013-01-25 17:05:42 -------- d-----w- C:\Program Files (x86)\DVD Shrink
2013-01-25 17:03:58 -------- d-----w- C:\Users\Andy Darko\AppData\Local\Shopping Sidekick Plugin
2013-01-22 05:10:53 -------- d-----w- C:\Users\Andy Darko\AppData\Roaming\DVD Flick
2013-01-22 05:09:48 40960 ----a-w- C:\Windows\SysWow64\ssubtmr6.dll
2013-01-22 05:09:48 36864 ----a-w- C:\Windows\SysWow64\trayicon_handler.ocx
2013-01-22 05:09:47 28672 ----a-w- C:\Windows\SysWow64\mousewheel.ocx
2013-01-22 05:09:46 -------- d-----w- C:\Program Files (x86)\DVD Flick
2013-01-15 20:09:15 -------- d-----w- C:\Users\Andy Darko\AppData\Roaming\Final Draft
2013-01-15 20:06:48 4169728 ----a-r- C:\Windows\SysWow64\cdintf400.dll
2013-01-15 20:06:31 -------- d-----w- C:\Program Files (x86)\Final Draft 8
2013-01-15 20:05:24 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-01-15 19:47:20 -------- d-----w- C:\ProgramData\Final Draft
2013-01-09 15:07:10 -------- d-----w- C:\Program Files (x86)\BitTorrent
2013-01-09 15:04:11 -------- d-----w- C:\Users\Andy Darko\AppData\Roaming\BitTorrent
2013-01-09 14:54:16 -------- d-----w- C:\Downloads
2013-01-09 14:52:20 -------- d-----w- C:\Users\Andy Darko\AppData\Roaming\BitComet
2013-01-09 05:23:07 -------- d-----w- C:\Program Files (x86)\Common Files\DVDVideoSoft
2013-01-09 05:23:06 -------- d-----w- C:\Program Files (x86)\DVDVideoSoft
2013-01-09 02:54:17 3149824 ----a-w- C:\Windows\System32\win32k.sys
2013-01-09 02:54:16 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-01-09 02:54:01 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-01-09 02:54:00 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-01-08 06:47:53 -------- d-----w- C:\Users\Andy Darko\AppData\Local\Programs
2013-01-04 18:15:09 -------- d-----w- C:\v2d
2013-01-04 18:10:02 -------- d-----w- C:\Program Files (x86)\Free MKV Video2Dvd
2013-01-04 18:03:34 -------- d-----w- C:\Users\Andy Darko\AppData\Local\{9E938415-4D1B-4F55-9172-1D6E3E318B2A}
2013-01-04 17:45:50 -------- d-----w- C:\Users\Andy Darko\AppData\Local\Aimersoft
2013-01-04 17:45:40 -------- d-----w- C:\Program Files (x86)\Common Files\Aimersoft
2013-01-04 17:42:50 -------- d-----w- C:\Program Files (x86)\Aimersoft
.
==================== Find3M ====================
.
2013-01-17 07:08:58 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-17 07:08:57 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-17 12:16:31 0 ----a-w- C:\Windows\SysWow64\shoF8F2.tmp
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-15 00:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-12-03 10:32:22 0 ----a-w- C:\Windows\SysWow64\shoBC64.tmp
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 05:26:17 225204 ----a-w- C:\ProgramData\1353388916.bdinstall.bin
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-05 04:09:11 2526773 ----a-w- C:\ProgramData\1352086017.bdinstall.bin
.
============= FINISH: 22:57:31.78 ===============
 
D

DrewCoop101

Thread Starter
Joined
Dec 9, 2008
Messages
3
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/3/2011 2:59:52 PM
System Uptime: 1/30/2013 4:39:08 PM (30 hours ago)
.
Motherboard: Hewlett-Packard | | 3577
Processor: AMD E-350 Processor | Socket FT1 | 1600/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 284 GiB total, 133.659 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 0.022 GiB free.
E: is CDROM (UDF)
F: is FIXED (FAT32) - 0 GiB total, 0.087 GiB free.
G: is CDROM ()
H: is CDROM ()
I: is CDROM ()
J: is CDROM ()
K: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 7.0
Adobe Reader X (10.1.5)
Adobe Shockwave Player 11.5
Adobe Shockwave Player 11.6
Agatha Christie - Peril at End House
Aimersoft DVD Creator(Build 2.6.5)
aioscnnr
AMD Fuel
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
ASPCA Reminder by We-Care.com v5.0.5.1
ATI Catalyst Install Manager
avast! Free Antivirus
Bejeweled 2 Deluxe
BitTorrent
Blackhawk Striker 2
Blasterball 3
Blio
Bonjour
Bounce Symphony
Build-a-lot 2
C4USelfUpdater
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
center
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cool Edit Pro 2.1
CopyTrans Suite Remove Only
CyberLink YouCam
D3DX10
Diner Dash 2 Restaurant Rescue
DivX Setup
Dora's World Adventure
DVD Flick 1.3.0.7
Energy Star Digital Logo
Epson Connect
Epson Customer Participation
Epson Event Manager
EPSON NX330 Series Printer Uninstall
EPSON Scan
EpsonNet Print
Escape Rosecliff Island
essentials
ESU for Microsoft Windows 7
Farm Frenzy
FATE
Final Draft
Final Drive Nitro
Finale NotePad 2012
FL Studio 9
Free MKV Video2Dvd 3.30
Free YouTube to MP3 Converter version 3.11.37.1212
Google Chrome
Google Talk Plugin
Google Update Helper
Guitar Pro 5.2
Guitar Pro 6
Hardcore
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.2.1.1
HP Auto
HP Client Services
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP Game Console
HP Games
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
HP Wireless Assistant
IL Download Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 33
Java(TM) 6 Update 33 (64-bit)
Jewel Quest Solitaire 2
Junk Mail filter update
Kodak AIO Printer
KODAK AiO Software
LTCM Client
Malwarebytes Anti-Malware version 1.70.0.1100
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MusicLab RealLPC
MusicLab Virtual MIDI Driver
Mystery P.I. - The London Caper
Native Instruments Controller Editor
Native Instruments Guitar Rig 5
Native Instruments Guitar Rig Mobile I/O
Native Instruments Guitar Rig Session I/O
Native Instruments Rig Kontrol 3
Native Instruments Service Center
Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS
Nitro PDF Reader 2
ocr
Opera 12.12
Penguins!
Plants vs. Zombies
PlayReady PC Runtime x86
PoiZone
Poker Superstars III
Polar Bowler
Polar Golfer
PQLabs MultiTouch Platform 4.1106RC
PQLabs MultiTouch Screen Driver 4.1106RC
PreReq
PrimoPDF -- brought to you by Nitro PDF Software
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
REALTEK Wireless LAN Driver
RealUpgrade 1.1
Recovery Manager
reFX Nexus VSTi RTAS v2.2.0
RoxioNow Player
Sawer
Secunia PSI (3.0.0.3001)
Security Task Manager 1.8d
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Skype&#8482; 6.0
SMAC 2.7
Spotify
SUPERAntiSpyware
swMSM
Synaptics TouchPad Driver
Toxic Biohazard
TruePianos 1.5.0
TruePianos: Amber Module 1.4.0
TruePianos: Diamond Module 1.4.0
TruePianos: Emerald Module 1.4.0
TruePianos: Sapphire Module 1.4.0
TUSBAudio Driver for XMOS Kits v1.22.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC80CRTRedist - 8.0.50727.6195
Virtual Families
Virtual Villagers 4 - The Tree of Life
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.5
Wheel of Fortune 2
Windows Driver Package - PQLabs (pqbulk) USB (03/31/2010 6.1.7600.16385)
Windows Driver Package - Pqlabs (pqhid) HIDClass (03/31/2010 6.1.7600.16385)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 (64-bit)
WMV9/VC-1 Video Playback
Zuma Deluxe
.
==== End Of File ===========================
 
D

DrewCoop101

Thread Starter
Joined
Dec 9, 2008
Messages
3
GMER 2.0.18454 - http://www.gmer.net
Rootkit scan 2013-02-01 00:20:59
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000073 Hitachi_ rev.ES2O 298.09GB
Running: hp6j89w4.exe; Driver: C:\Users\ANDYDA~1\AppData\Local\Temp\pwddypob.sys


---- User code sections - GMER 2.0 ----

.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000100120440
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000100120430
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000100120450
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0xffffffff88c7ee90}
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000001001203b0
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000100120320
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000100120380
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000001001202e0
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000100120410
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000001001202d0
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000100120310
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000100120390
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000001001203c0
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000100120230
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0xffffffff88c7e890}
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000100120460
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000100120370
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000001001202f0
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000100120350
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000100120290
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000001001202b0
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000001001203a0
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000100120330
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0xffffffff88c7e590}
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000001001203e0
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000100120240
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000001001201e0
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000100120250
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0xffffffff88c7e090}
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000100120470
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000100120480
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000100120300
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000100120360
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000001001202a0
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000001001202c0
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000100120340
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000100120420
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000100120260
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000100120270
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000001001203d0
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0xffffffff88c7db90}
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000001001201f0
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000100120210
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000100120200
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000001001203f0
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000100120400
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000100120220
.text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000100120280
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003b0
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\wininit.exe[548] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 000000014a330440
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 000000014a330430
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 000000014a330450
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0xffffffffd2e8ee90}
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 000000014a3303b0
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 000000014a330320
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 000000014a330380
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 000000014a3302e0
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 000000014a330410
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 000000014a3302d0
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 000000014a330310
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 000000014a330390
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 000000014a3303c0
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 000000014a330230
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0xffffffffd2e8e890}
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 000000014a330460
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 000000014a330370
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 000000014a3302f0
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 000000014a330350
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 000000014a330290
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 000000014a3302b0
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 000000014a3303a0
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 000000014a330330
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0xffffffffd2e8e590}
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 000000014a3303e0
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 000000014a330240
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 000000014a3301e0
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 000000014a330250
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0xffffffffd2e8e090}
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 000000014a330470
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 000000014a330480
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 000000014a330300
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 000000014a330360
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 000000014a3302a0
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 000000014a3302c0
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 000000014a330340
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 000000014a330420
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 000000014a330260
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 000000014a330270
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 000000014a3303d0
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0xffffffffd2e8db90}
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 000000014a3301f0
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 000000014a330210
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 000000014a330200
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 000000014a3303f0
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 000000014a330400
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 000000014a330220
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 000000014a330280
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003b0
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\services.exe[604] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003b0
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\lsass.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\lsass.exe[620] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003b0
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\lsm.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003b0
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003b0
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\svchost.exe[776] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003b0
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\atiesrxx.exe[940] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003b0
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\System32\svchost.exe[244] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\System32\svchost.exe[244] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003b0
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\System32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\System32\svchost.exe[472] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000100070440
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000100070430
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000100070450
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0xffffffff88bcee90}
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000100070320
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000100070380
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000100070410
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000100070310
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000100070390
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000100070230
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0xffffffff88bce890}
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000100070460
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000100070370
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000100070350
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000100070290
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000100070330
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0xffffffff88bce590}
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000100070240
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000100070250
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0xffffffff88bce090}
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000100070470
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000100070480
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000100070300
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000100070360
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000100070340
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000100070420
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000100070260
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000100070270
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000001000703d0
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0xffffffff88bcdb90}
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000001000701f0
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000100070210
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000100070200
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000100070400
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000100070220
.text C:\Windows\system32\svchost.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000100070280
.text C:\Windows\system32\svchost.exe[596] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003b0
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\AUDIODG.EXE[1044] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003b0
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003b0
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\atieclxx.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003b0
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000100070440
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000100070430
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000100070450
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0xffffffff88bcee90}
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000001000703b0
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000100070320
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000100070380
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000001000702e0
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000100070410
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000001000702d0
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000100070310
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000100070390
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000001000703c0
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000100070230
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0xffffffff88bce890}
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000100070460
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000100070370
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000001000702f0
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000100070350
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000100070290
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000001000702b0
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000001000703a0
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000100070330
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0xffffffff88bce590}
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000001000703e0
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000100070240
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000001000701e0
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000100070250
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0xffffffff88bce090}
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000100070470
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000100070480
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000100070300
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000100070360
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000001000702a0
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000001000702c0
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000100070340
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000100070420
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000100070260
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000100070270
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000001000703d0
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0xffffffff88bcdb90}
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000001000701f0
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000100070210
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000100070200
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000001000703f0
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000100070400
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000100070220
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000100070280
.text C:\Windows\System32\spoolsv.exe[1668] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003b0
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\taskhost.exe[1720] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003b0
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe[1836] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe[1436] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1704] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003b0
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2076] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2100] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003b0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Program Files\Bonjour\mDNSResponder.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003b0
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\svchost.exe[2220] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003b0
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
 
D

DrewCoop101

Thread Starter
Joined
Dec 9, 2008
Messages
3
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2256] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2324] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003b0
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\taskeng.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003b0
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\Explorer.EXE[2676] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\Explorer.EXE[2676] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007764faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007764fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077650018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2972] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007766c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2972] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077671217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2972] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2996] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007764faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2996] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007764fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2996] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2996] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077650018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2996] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007766c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2996] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077671217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2996] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2996] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076c6ee09 5 bytes JMP 00000001002401f8
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2996] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076c73982 5 bytes JMP 00000001002403fc
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2996] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076c77603 5 bytes JMP 0000000100240804
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2996] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076c7835c 5 bytes JMP 0000000100240600
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2996] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076c8f52b 5 bytes JMP 0000000100240a08
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074ed1401 2 bytes [ED, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2996] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074ed1419 2 bytes [ED, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074ed1431 2 bytes [ED, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074ed144a 2 bytes [ED, 74]
.text ... * 9
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2996] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074ed14dd 2 bytes [ED, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074ed14f5 2 bytes [ED, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2996] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074ed150d 2 bytes [ED, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074ed1525 2 bytes [ED, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074ed153d 2 bytes [ED, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2996] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074ed1555 2 bytes [ED, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074ed156d 2 bytes [ED, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074ed1585 2 bytes [ED, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2996] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074ed159d 2 bytes [ED, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074ed15b5 2 bytes [ED, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074ed15cd 2 bytes [ED, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074ed16b2 2 bytes [ED, 74]
.text C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074ed16bd 2 bytes [ED, 74]
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2084] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007764faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2084] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007764fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2084] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2084] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077650018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2084] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007766c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2084] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077671217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2084] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2084] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076c6ee09 5 bytes JMP 00000001000901f8
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2084] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076c73982 5 bytes JMP 00000001000903fc
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2084] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076c77603 5 bytes JMP 0000000100090804
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2084] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076c7835c 5 bytes JMP 0000000100090600
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2084] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076c8f52b 5 bytes JMP 0000000100090a08
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2084] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076d55181 5 bytes JMP 00000001000a1014
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2084] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076d55254 5 bytes JMP 00000001000a0804
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2084] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076d553d5 5 bytes JMP 00000001000a0a08
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2084] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076d554c2 5 bytes JMP 00000001000a0c0c
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2084] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076d555e2 5 bytes JMP 00000001000a0e10
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2084] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076d5567c 5 bytes JMP 00000001000a01f8
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2084] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076d5589f 5 bytes JMP 00000001000a03fc
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[2084] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076d55a22 5 bytes JMP 00000001000a0600
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007764faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007764fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077650018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2572] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007766c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2572] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077671217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2572] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077473ae0 5 bytes JMP 000000010031075c
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077477a90 5 bytes JMP 00000001003103a4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000774a1490 5 bytes JMP 0000000100310b14
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000774a14f0 5 bytes JMP 0000000100310ecc
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 000000010031163c
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000774a1810 5 bytes JMP 0000000100311284
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1944] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077473ae0 5 bytes JMP 000000010044075c
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077477a90 5 bytes JMP 00000001004403a4
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000774a1490 5 bytes JMP 0000000100440b14
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000774a14f0 5 bytes JMP 0000000100440ecc
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 000000010044163c
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000774a1810 5 bytes JMP 0000000100441284
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2500] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[452] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007764faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[452] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007764fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[452] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[452] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077650018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[452] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007766c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[452] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077671217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[452] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[1940] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefdef6e00 5 bytes JMP 000007ff7df11dac
.text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[1940] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefdef6f2c 5 bytes JMP 000007ff7df10ecc
.text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[1940] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefdef7220 5 bytes JMP 000007ff7df11284
.text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[1940] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefdef739c 5 bytes JMP 000007ff7df1163c
.text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[1940] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefdef7538 5 bytes JMP 000007ff7df119f4
.text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[1940] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdef75e8 5 bytes JMP 000007ff7df103a4
.text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[1940] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdef790c 5 bytes JMP 000007ff7df1075c
.text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[1940] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefdef7ab4 5 bytes JMP 000007ff7df10b14
.text C:\Program Files (x86)\PQLabs\MultiTouchPlatform\MultiTouchPlatform.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007764faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\PQLabs\MultiTouchPlatform\MultiTouchPlatform.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007764fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\PQLabs\MultiTouchPlatform\MultiTouchPlatform.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\PQLabs\MultiTouchPlatform\MultiTouchPlatform.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077650018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\PQLabs\MultiTouchPlatform\MultiTouchPlatform.exe[3108] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007766c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\PQLabs\MultiTouchPlatform\MultiTouchPlatform.exe[3108] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077671217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\PQLabs\MultiTouchPlatform\MultiTouchPlatform.exe[3108] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Program Files (x86)\PQLabs\MultiTouchPlatform\MultiTouchPlatform.exe[3108] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076c6ee09 5 bytes JMP 00000001001d01f8
.text C:\Program Files (x86)\PQLabs\MultiTouchPlatform\MultiTouchPlatform.exe[3108] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076c73982 5 bytes JMP 00000001001d03fc
.text C:\Program Files (x86)\PQLabs\MultiTouchPlatform\MultiTouchPlatform.exe[3108] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076c77603 5 bytes JMP 00000001001d0804
.text C:\Program Files (x86)\PQLabs\MultiTouchPlatform\MultiTouchPlatform.exe[3108] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076c7835c 5 bytes JMP 00000001001d0600
.text C:\Program Files (x86)\PQLabs\MultiTouchPlatform\MultiTouchPlatform.exe[3108] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076c8f52b 5 bytes JMP 00000001001d0a08
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3124] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007764faa0 5 bytes JMP 0000000100090600
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3124] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007764fb38 5 bytes JMP 0000000100090804
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3124] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fc90 5 bytes JMP 0000000100090c0c
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3124] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077650018 5 bytes JMP 0000000100090a08
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3124] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007766c45a 5 bytes JMP 00000001000901f8
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3124] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077671217 5 bytes JMP 00000001000903fc
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3124] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3124] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076c6ee09 5 bytes JMP 00000001001201f8
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3124] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076c73982 5 bytes JMP 00000001001203fc
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3124] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076c77603 5 bytes JMP 0000000100120804
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3124] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076c7835c 5 bytes JMP 0000000100120600
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3124] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076c8f52b 5 bytes JMP 0000000100120a08
.text C:\Users\Andy Darko\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007764faa0 5 bytes JMP 0000000100030600
.text C:\Users\Andy Darko\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007764fb38 5 bytes JMP 0000000100030804
.text C:\Users\Andy Darko\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fc90 5 bytes JMP 0000000100030c0c
.text C:\Users\Andy Darko\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077650018 5 bytes JMP 0000000100030a08
.text C:\Users\Andy Darko\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3144] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007766c45a 5 bytes JMP 00000001000301f8
.text C:\Users\Andy Darko\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3144] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077671217 5 bytes JMP 00000001000303fc
.text C:\Users\Andy Darko\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3144] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Users\Andy Darko\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3144] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076c6ee09 5 bytes JMP 00000001001401f8
.text C:\Users\Andy Darko\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3144] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076c73982 5 bytes JMP 00000001001403fc
.text C:\Users\Andy Darko\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3144] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076c77603 5 bytes JMP 0000000100140804
.text C:\Users\Andy Darko\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3144] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076c7835c 5 bytes JMP 0000000100140600
.text C:\Users\Andy Darko\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3144] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076c8f52b 5 bytes JMP 0000000100140a08
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3244] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007764faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3244] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007764fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3244] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3244] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077650018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3244] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007766c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3244] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077671217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3244] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3244] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076c6ee09 5 bytes JMP 00000001001001f8
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3244] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076c73982 5 bytes JMP 00000001001003fc
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3244] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076c77603 5 bytes JMP 0000000100100804
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3244] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076c7835c 5 bytes JMP 0000000100100600
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3244] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076c8f52b 5 bytes JMP 0000000100100a08
.text C:\Program Files\Thesycon\TUSBAudio_Driver\TUSBAudioCpl.exe[3272] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007764faa0 5 bytes JMP 0000000100030600
.text C:\Program Files\Thesycon\TUSBAudio_Driver\TUSBAudioCpl.exe[3272] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007764fb38 5 bytes JMP 0000000100030804
.text C:\Program Files\Thesycon\TUSBAudio_Driver\TUSBAudioCpl.exe[3272] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files\Thesycon\TUSBAudio_Driver\TUSBAudioCpl.exe[3272] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077650018 5 bytes JMP 0000000100030a08
.text C:\Program Files\Thesycon\TUSBAudio_Driver\TUSBAudioCpl.exe[3272] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007766c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files\Thesycon\TUSBAudio_Driver\TUSBAudioCpl.exe[3272] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077671217 5 bytes JMP 00000001000303fc
.text C:\Program Files\Thesycon\TUSBAudio_Driver\TUSBAudioCpl.exe[3272] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Program Files\Thesycon\TUSBAudio_Driver\TUSBAudioCpl.exe[3272] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076c6ee09 5 bytes JMP 00000001002d01f8
.text C:\Program Files\Thesycon\TUSBAudio_Driver\TUSBAudioCpl.exe[3272] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076c73982 5 bytes JMP 00000001002d03fc
.text C:\Program Files\Thesycon\TUSBAudio_Driver\TUSBAudioCpl.exe[3272] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076c77603 5 bytes JMP 00000001002d0804
.text C:\Program Files\Thesycon\TUSBAudio_Driver\TUSBAudioCpl.exe[3272] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076c7835c 5 bytes JMP 00000001002d0600
.text C:\Program Files\Thesycon\TUSBAudio_Driver\TUSBAudioCpl.exe[3272] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076c8f52b 5 bytes JMP 00000001002d0a08
.text C:\Windows\SysWOW64\NLSSRV32.EXE[3500] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007764faa0 5 bytes JMP 0000000100030600
.text C:\Windows\SysWOW64\NLSSRV32.EXE[3500] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007764fb38 5 bytes JMP 0000000100030804
.text C:\Windows\SysWOW64\NLSSRV32.EXE[3500] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fc90 5 bytes JMP 0000000100030c0c
.text C:\Windows\SysWOW64\NLSSRV32.EXE[3500] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077650018 5 bytes JMP 0000000100030a08
.text C:\Windows\SysWOW64\NLSSRV32.EXE[3500] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007766c45a 5 bytes JMP 00000001000301f8
.text C:\Windows\SysWOW64\NLSSRV32.EXE[3500] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077671217 5 bytes JMP 00000001000303fc
.text C:\Windows\SysWOW64\NLSSRV32.EXE[3500] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Program Files (x86)\PQLabs\MultiTouchPlatform\MultiTouchPlatformHelper.exe[3660] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007764faa0 5 bytes JMP 00000001001d0600
.text C:\Program Files (x86)\PQLabs\MultiTouchPlatform\MultiTouchPlatformHelper.exe[3660] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007764fb38 5 bytes JMP 00000001001d0804
.text C:\Program Files (x86)\PQLabs\MultiTouchPlatform\MultiTouchPlatformHelper.exe[3660] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fc90 5 bytes JMP 00000001001d0c0c
.text C:\Program Files (x86)\PQLabs\MultiTouchPlatform\MultiTouchPlatformHelper.exe[3660] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077650018 5 bytes JMP 00000001001d0a08
.text C:\Program Files (x86)\PQLabs\MultiTouchPlatform\MultiTouchPlatformHelper.exe[3660] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007766c45a 5 bytes JMP 00000001001d01f8
.text C:\Program Files (x86)\PQLabs\MultiTouchPlatform\MultiTouchPlatformHelper.exe[3660] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077671217 5 bytes JMP 00000001001d03fc
.text C:\Program Files (x86)\PQLabs\MultiTouchPlatform\MultiTouchPlatformHelper.exe[3660] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007764faa0 5 bytes JMP 0000000100100600
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007764fb38 5 bytes JMP 0000000100100804
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fc90 5 bytes JMP 0000000100100c0c
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3676] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077650018 5 bytes JMP 0000000100100a08
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3676] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007766c45a 5 bytes JMP 00000001001001f8
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3676] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077671217 5 bytes JMP 00000001001003fc
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3676] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3676] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076c6ee09 5 bytes JMP 00000001001101f8
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3676] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076c73982 5 bytes JMP 00000001001103fc
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3676] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076c77603 5 bytes JMP 0000000100110804
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3676] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076c7835c 5 bytes JMP 0000000100110600
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3676] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076c8f52b 5 bytes JMP 0000000100110a08
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074ed1401 2 bytes [ED, 74]
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3676] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074ed1419 2 bytes [ED, 74]
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074ed1431 2 bytes [ED, 74]
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074ed144a 2 bytes [ED, 74]
.text ... * 9
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3676] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074ed14dd 2 bytes [ED, 74]
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074ed14f5 2 bytes [ED, 74]
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3676] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074ed150d 2 bytes [ED, 74]
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074ed1525 2 bytes [ED, 74]
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074ed153d 2 bytes [ED, 74]
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3676] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074ed1555 2 bytes [ED, 74]
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074ed156d 2 bytes [ED, 74]
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074ed1585 2 bytes [ED, 74]
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3676] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074ed159d 2 bytes [ED, 74]
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074ed15b5 2 bytes [ED, 74]
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074ed15cd 2 bytes [ED, 74]
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074ed16b2 2 bytes [ED, 74]
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074ed16bd 2 bytes [ED, 74]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007764faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007764fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077650018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3712] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007766c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3712] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077671217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3712] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3712] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076c6ee09 5 bytes JMP 00000001002501f8
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3712] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076c73982 5 bytes JMP 00000001002503fc
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3712] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076c77603 5 bytes JMP 0000000100250804
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3712] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076c7835c 5 bytes JMP 0000000100250600
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3712] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076c8f52b 5 bytes JMP 0000000100250a08
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007764faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007764fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077650018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3752] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007766c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3752] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077671217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3752] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3752] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076c6ee09 5 bytes JMP 00000001001001f8
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3752] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076c73982 5 bytes JMP 00000001001003fc
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3752] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076c77603 5 bytes JMP 0000000100100804
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3752] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076c7835c 5 bytes JMP 0000000100100600
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3752] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076c8f52b 5 bytes JMP 0000000100100a08
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3752] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076d55181 5 bytes JMP 0000000100111014
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3752] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076d55254 5 bytes JMP 0000000100110804
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3752] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076d553d5 5 bytes JMP 0000000100110a08
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3752] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076d554c2 5 bytes JMP 0000000100110c0c
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3752] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076d555e2 5 bytes JMP 0000000100110e10
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3752] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076d5567c 5 bytes JMP 00000001001101f8
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3752] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076d5589f 5 bytes JMP 00000001001103fc
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3752] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076d55a22 5 bytes JMP 0000000100110600
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007764faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007764fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077650018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe[3808] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007766c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe[3808] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077671217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe[3808] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe[3808] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076c6ee09 5 bytes JMP 00000001002c01f8
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe[3808] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076c73982 5 bytes JMP 00000001002c03fc
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe[3808] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076c77603 5 bytes JMP 00000001002c0804
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe[3808] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076c7835c 5 bytes JMP 00000001002c0600
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe[3808] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076c8f52b 5 bytes JMP 00000001002c0a08
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe[3808] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076d55181 5 bytes JMP 00000001002d1014
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe[3808] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076d55254 5 bytes JMP 00000001002d0804
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe[3808] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076d553d5 5 bytes JMP 00000001002d0a08
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe[3808] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076d554c2 5 bytes JMP 00000001002d0c0c
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe[3808] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076d555e2 5 bytes JMP 00000001002d0e10
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe[3808] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076d5567c 5 bytes JMP 00000001002d01f8
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe[3808] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076d5589f 5 bytes JMP 00000001002d03fc
.text C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe[3808] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076d55a22 5 bytes JMP 00000001002d0600
.text C:\Windows\SysWOW64\svchost.exe[3816] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007764faa0 5 bytes JMP 0000000100030600
.text C:\Windows\SysWOW64\svchost.exe[3816] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007764fb38 5 bytes JMP 0000000100030804
.text C:\Windows\SysWOW64\svchost.exe[3816] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fc90 5 bytes JMP 0000000100030c0c
.text C:\Windows\SysWOW64\svchost.exe[3816] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077650018 5 bytes JMP 0000000100030a08
.text C:\Windows\SysWOW64\svchost.exe[3816] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007766c45a 5 bytes JMP 00000001000301f8
.text C:\Windows\SysWOW64\svchost.exe[3816] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077671217 5 bytes JMP 00000001000303fc
.text C:\Windows\SysWOW64\svchost.exe[3816] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3852] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077473ae0 5 bytes JMP 000000010016075c
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077477a90 5 bytes JMP 00000001001603a4
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000774a1490 5 bytes JMP 0000000100160b14
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000774a14f0 5 bytes JMP 0000000100160ecc
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 000000010016163c
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000774a1810 5 bytes JMP 0000000100161284
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\conhost.exe[3888] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007764faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007764fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077650018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3996] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007766c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3996] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077671217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3996] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3996] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076c6ee09 5 bytes JMP 00000001000a01f8
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3996] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076c73982 5 bytes JMP 00000001000a03fc
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3996] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076c77603 5 bytes JMP 00000001000a0804
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3996] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076c7835c 5 bytes JMP 00000001000a0600
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3996] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076c8f52b 5 bytes JMP 00000001000a0a08
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007764faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007764fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077650018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007766c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077671217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074ed1401 2 bytes [ED, 74]
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074ed1419 2 bytes [ED, 74]
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074ed1431 2 bytes [ED, 74]
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074ed144a 2 bytes [ED, 74]
.text ... * 9
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074ed14dd 2 bytes [ED, 74]
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074ed14f5 2 bytes [ED, 74]
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074ed150d 2 bytes [ED, 74]
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074ed1525 2 bytes [ED, 74]
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074ed153d 2 bytes [ED, 74]
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074ed1555 2 bytes [ED, 74]
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074ed156d 2 bytes [ED, 74]
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074ed1585 2 bytes [ED, 74]
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074ed159d 2 bytes [ED, 74]
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074ed15b5 2 bytes [ED, 74]
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074ed15cd 2 bytes [ED, 74]
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074ed16b2 2 bytes [ED, 74]
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074ed16bd 2 bytes [ED, 74]
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076d55181 5 bytes JMP 00000001001d1014
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076d55254 5 bytes JMP 00000001001d0804
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076d553d5 5 bytes JMP 00000001001d0a08
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076d554c2 5 bytes JMP 00000001001d0c0c
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076d555e2 5 bytes JMP 00000001001d0e10
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076d5567c 5 bytes JMP 00000001001d01f8
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076d5589f 5 bytes JMP 00000001001d03fc
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[4004] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076d55a22 5 bytes JMP 00000001001d0600
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007764faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007764fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077650018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007766c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077671217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076d55181 5 bytes JMP 0000000100141014
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076d55254 5 bytes JMP 0000000100140804
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076d553d5 5 bytes JMP 0000000100140a08
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076d554c2 5 bytes JMP 0000000100140c0c
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076d555e2 5 bytes JMP 0000000100140e10
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076d5567c 5 bytes JMP 00000001001401f8
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076d5589f 5 bytes JMP 00000001001403fc
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076d55a22 5 bytes JMP 0000000100140600
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076c6ee09 5 bytes JMP 00000001001d01f8
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076c73982 5 bytes JMP 00000001001d03fc
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076c77603 5 bytes JMP 00000001001d0804
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076c7835c 5 bytes JMP 00000001001d0600
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076c8f52b 5 bytes JMP 00000001001d0a08
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074ed1401 2 bytes [ED, 74]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074ed1419 2 bytes [ED, 74]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074ed1431 2 bytes [ED, 74]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074ed144a 2 bytes [ED, 74]
.text ... * 9
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074ed14dd 2 bytes [ED, 74]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074ed14f5 2 bytes [ED, 74]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074ed150d 2 bytes [ED, 74]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074ed1525 2 bytes [ED, 74]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074ed153d 2 bytes [ED, 74]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074ed1555 2 bytes [ED, 74]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074ed156d 2 bytes [ED, 74]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074ed1585 2 bytes [ED, 74]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074ed159d 2 bytes [ED, 74]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074ed15b5 2 bytes [ED, 74]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074ed15cd 2 bytes [ED, 74]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074ed16b2 2 bytes [ED, 74]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[332] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074ed16bd 2 bytes [ED, 74]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[4256] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007764faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[4256] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007764fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[4256] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[4256] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077650018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[4256] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007766c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[4256] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077671217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[4256] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077473ae0 5 bytes JMP 000000010024075c
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077477a90 5 bytes JMP 00000001002403a4
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000774a1490 5 bytes JMP 0000000100240b14
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000774a14f0 5 bytes JMP 0000000100240ecc
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 000000010024163c
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000774a1810 5 bytes JMP 0000000100241284
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\svchost.exe[4508] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077473ae0 5 bytes JMP 000000010023075c
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077477a90 5 bytes JMP 00000001002303a4
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000100070440
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000100070430
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000774a1490 5 bytes JMP 0000000100230b14
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000774a14f0 5 bytes JMP 0000000100230ecc
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000100070450
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0xffffffff88bcee90}
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 000000010023163c
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000100070320
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000100070380
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000001000702e0
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000100070410
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000001000702d0
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000100070310
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000100070390
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000774a1810 5 bytes JMP 0000000100231284
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000001000703c0
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000100070230
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0xffffffff88bce890}
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000100070460
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000100070370
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000001000702f0
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000100070350
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000100070290
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000001000702b0
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000001000703a0
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000100070330
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0xffffffff88bce590}
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000001000703e0
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000100070240
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000001000701e0
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000100070250
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0xffffffff88bce090}
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000100070470
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000100070480
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000100070300
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000100070360
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000001000702a0
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000001000702c0
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000100070340
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000100070420
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000100070260
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000100070270
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000001000703d0
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0xffffffff88bcdb90}
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000001000701f0
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000100070210
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000100070200
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000001000703f0
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000100070400
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000100070220
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000100070280
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefdef6e00 5 bytes JMP 000007ff7df11dac
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefdef6f2c 5 bytes JMP 000007ff7df10ecc
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefdef7220 5 bytes JMP 000007ff7df11284
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefdef739c 5 bytes JMP 000007ff7df1163c
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefdef7538 5 bytes JMP 000007ff7df119f4
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdef75e8 5 bytes JMP 000007ff7df103a4
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdef790c 5 bytes JMP 000007ff7df1075c
.text C:\Windows\System32\svchost.exe[4588] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefdef7ab4 5 bytes JMP 000007ff7df10b14
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077473ae0 5 bytes JMP 000000010028075c
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077477a90 5 bytes JMP 00000001002803a4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000774a1490 5 bytes JMP 0000000100280b14
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000774a14f0 5 bytes JMP 0000000100280ecc
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 000000010028163c
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000774a1810 5 bytes JMP 0000000100281284
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4640] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077473ae0 5 bytes JMP 000000010042075c
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077477a90 5 bytes JMP 00000001004203a4
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000774a1490 5 bytes JMP 0000000100420b14
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000774a14f0 5 bytes JMP 0000000100420ecc
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 000000010042163c
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000774a1810 5 bytes JMP 0000000100421284
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefdef6e00 5 bytes JMP 000007ff7df11dac
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefdef6f2c 5 bytes JMP 000007ff7df10ecc
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefdef7220 5 bytes JMP 000007ff7df11284
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefdef739c 5 bytes JMP 000007ff7df1163c
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefdef7538 5 bytes JMP 000007ff7df119f4
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdef75e8 5 bytes JMP 000007ff7df103a4
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdef790c 5 bytes JMP 000007ff7df1075c
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[4800] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefdef7ab4 5 bytes JMP 000007ff7df10b14
.text C:\Windows\system32\wbem\wmiprvse.exe[4904] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefdef6e00 5 bytes JMP 000007ff7df11dac
.text C:\Windows\system32\wbem\wmiprvse.exe[4904] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefdef6f2c 5 bytes JMP 000007ff7df10ecc
.text C:\Windows\system32\wbem\wmiprvse.exe[4904] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefdef7220 5 bytes JMP 000007ff7df11284
.text C:\Windows\system32\wbem\wmiprvse.exe[4904] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefdef739c 5 bytes JMP 000007ff7df1163c
.text C:\Windows\system32\wbem\wmiprvse.exe[4904] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefdef7538 5 bytes JMP 000007ff7df119f4
.text C:\Windows\system32\wbem\wmiprvse.exe[4904] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdef75e8 5 bytes JMP 000007ff7df103a4
.text C:\Windows\system32\wbem\wmiprvse.exe[4904] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdef790c 5 bytes JMP 000007ff7df1075c
.text C:\Windows\system32\wbem\wmiprvse.exe[4904] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefdef7ab4 5 bytes JMP 000007ff7df10b14
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007764faa0 5 bytes JMP 00000001000d0600
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007764fb38 5 bytes JMP 00000001000d0804
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fc90 5 bytes JMP 00000001000d0c0c
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077650018 5 bytes JMP 00000001000d0a08
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4972] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007766c45a 5 bytes JMP 00000001000d01f8
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4972] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077671217 5 bytes JMP 00000001000d03fc
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4972] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4972] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076c6ee09 5 bytes JMP 00000001000f01f8
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4972] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076c73982 5 bytes JMP 00000001000f03fc
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4972] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076c77603 5 bytes JMP 00000001000f0804
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4972] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076c7835c 5 bytes JMP 00000001000f0600
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4972] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076c8f52b 5 bytes JMP 00000001000f0a08
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007764faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007764fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077650018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007766c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077671217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076d55181 5 bytes JMP 0000000100101014
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076d55254 5 bytes JMP 0000000100100804
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076d553d5 5 bytes JMP 0000000100100a08
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076d554c2 5 bytes JMP 0000000100100c0c
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076d555e2 5 bytes JMP 0000000100100e10
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076d5567c 5 bytes JMP 00000001001001f8
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076d5589f 5 bytes JMP 00000001001003fc
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076d55a22 5 bytes JMP 0000000100100600
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076c6ee09 5 bytes JMP 00000001001101f8
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076c73982 5 bytes JMP 00000001001103fc
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076c77603 5 bytes JMP 0000000100110804
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076c7835c 5 bytes JMP 0000000100110600
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076c8f52b 5 bytes JMP 0000000100110a08
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074ed1401 2 bytes [ED, 74]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074ed1419 2 bytes [ED, 74]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074ed1431 2 bytes [ED, 74]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074ed144a 2 bytes [ED, 74]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074ed14dd 2 bytes [ED, 74]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074ed14f5 2 bytes [ED, 74]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074ed150d 2 bytes [ED, 74]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074ed1525 2 bytes [ED, 74]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074ed153d 2 bytes [ED, 74]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074ed1555 2 bytes [ED, 74]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074ed156d 2 bytes [ED, 74]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074ed1585 2 bytes [ED, 74]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074ed159d 2 bytes [ED, 74]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074ed15b5 2 bytes [ED, 74]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074ed15cd 2 bytes [ED, 74]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074ed16b2 2 bytes [ED, 74]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074ed16bd 2 bytes [ED, 74]
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077473ae0 5 bytes JMP 000000010043075c
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077477a90 5 bytes JMP 00000001004303a4
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000774a1490 5 bytes JMP 0000000100430b14
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000774a14f0 5 bytes JMP 0000000100430ecc
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 000000010043163c
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000774a1810 5 bytes JMP 0000000100431284
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefdef6e00 5 bytes JMP 000007ff7df11dac
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefdef6f2c 5 bytes JMP 000007ff7df10ecc
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefdef7220 5 bytes JMP 000007ff7df11284
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefdef739c 5 bytes JMP 000007ff7df1163c
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefdef7538 5 bytes JMP 000007ff7df119f4
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdef75e8 5 bytes JMP 000007ff7df103a4
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdef790c 5 bytes JMP 000007ff7df1075c
.text C:\Windows\system32\SearchIndexer.exe[5440] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefdef7ab4 5 bytes JMP 000007ff7df10b14
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077473ae0 5 bytes JMP 00000001002b075c
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077477a90 5 bytes JMP 00000001002b03a4
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000100070440
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000100070430
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000774a1490 5 bytes JMP 00000001002b0b14
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000774a14f0 5 bytes JMP 00000001002b0ecc
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000100070450
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0xffffffff88bcee90}
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000001002b163c
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000100070320
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000100070380
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000001000702e0
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000100070410
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000001000702d0
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000100070310
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000100070390
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000774a1810 5 bytes JMP 00000001002b1284
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000001000703c0
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000100070230
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0xffffffff88bce890}
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000100070460
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000100070370
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000001000702f0
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000100070350
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000100070290
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000001000702b0
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000001000703a0
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000100070330
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0xffffffff88bce590}
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000001000703e0
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000100070240
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000001000701e0
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000100070250
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0xffffffff88bce090}
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000100070470
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000100070480
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000100070300
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000100070360
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000001000702a0
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000001000702c0
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000100070340
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000100070420
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000100070260
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000100070270
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000001000703d0
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0xffffffff88bcdb90}
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000001000701f0
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000100070210
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000100070200
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000001000703f0
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000100070400
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000100070220
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000100070280
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefdef6e00 5 bytes JMP 000007ff7df11dac
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefdef6f2c 5 bytes JMP 000007ff7df10ecc
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefdef7220 5 bytes JMP 000007ff7df11284
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefdef739c 5 bytes JMP 000007ff7df1163c
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefdef7538 5 bytes JMP 000007ff7df119f4
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdef75e8 5 bytes JMP 000007ff7df103a4
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdef790c 5 bytes JMP 000007ff7df1075c
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5540] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefdef7ab4 5 bytes JMP 000007ff7df10b14
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077473ae0 5 bytes JMP 00000001001b075c
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077477a90 5 bytes JMP 00000001001b03a4
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000774a1490 5 bytes JMP 00000001001b0b14
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000774a14f0 5 bytes JMP 00000001001b0ecc
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000001001b163c
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000774a1810 5 bytes JMP 00000001001b1284
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefdef6e00 5 bytes JMP 000007ff7df11dac
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefdef6f2c 5 bytes JMP 000007ff7df10ecc
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefdef7220 5 bytes JMP 000007ff7df11284
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefdef739c 5 bytes JMP 000007ff7df1163c
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefdef7538 5 bytes JMP 000007ff7df119f4
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdef75e8 5 bytes JMP 000007ff7df103a4
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdef790c 5 bytes JMP 000007ff7df1075c
.text C:\Windows\SYSTEM32\WISPTIS.EXE[5572] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefdef7ab4 5 bytes JMP 000007ff7df10b14
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6000] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefdef6e00 5 bytes JMP 000007ff7df11dac
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6000] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefdef6f2c 5 bytes JMP 000007ff7df10ecc
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6000] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefdef7220 5 bytes JMP 000007ff7df11284
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6000] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefdef739c 5 bytes JMP 000007ff7df1163c
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6000] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefdef7538 5 bytes JMP 000007ff7df119f4
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6000] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdef75e8 5 bytes JMP 000007ff7df103a4
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6000] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdef790c 5 bytes JMP 000007ff7df1075c
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6000] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefdef7ab4 5 bytes JMP 000007ff7df10b14
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4884] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007764faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4884] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007764fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4884] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4884] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077650018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4884] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007766c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4884] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077671217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4884] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4884] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076c6ee09 5 bytes JMP 00000001002501f8
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4884] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076c73982 5 bytes JMP 00000001002503fc
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4884] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076c77603 5 bytes JMP 0000000100250804
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4884] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076c7835c 5 bytes JMP 0000000100250600
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4884] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076c8f52b 5 bytes JMP 0000000100250a08
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007764faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007764fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077650018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007766c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077671217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076d55181 5 bytes JMP 00000001002e1014
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076d55254 5 bytes JMP 00000001002e0804
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076d553d5 5 bytes JMP 00000001002e0a08
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076d554c2 5 bytes JMP 00000001002e0c0c
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076d555e2 5 bytes JMP 00000001002e0e10
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076d5567c 5 bytes JMP 00000001002e01f8
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076d5589f 5 bytes JMP 00000001002e03fc
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076d55a22 5 bytes JMP 00000001002e0600
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074ed1401 2 bytes [ED, 74]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074ed1419 2 bytes [ED, 74]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074ed1431 2 bytes [ED, 74]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074ed144a 2 bytes [ED, 74]
.text ... * 9
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074ed14dd 2 bytes [ED, 74]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074ed14f5 2 bytes [ED, 74]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074ed150d 2 bytes [ED, 74]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074ed1525 2 bytes [ED, 74]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074ed153d 2 bytes [ED, 74]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074ed1555 2 bytes [ED, 74]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074ed156d 2 bytes [ED, 74]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074ed1585 2 bytes [ED, 74]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074ed159d 2 bytes [ED, 74]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074ed15b5 2 bytes [ED, 74]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074ed15cd 2 bytes [ED, 74]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074ed16b2 2 bytes [ED, 74]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[5780] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074ed16bd 2 bytes [ED, 74]
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077473ae0 5 bytes JMP 000000010027075c
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077477a90 5 bytes JMP 00000001002703a4
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000774a1490 5 bytes JMP 0000000100270b14
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000774a14f0 5 bytes JMP 0000000100270ecc
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 000000010027163c
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000774a1810 5 bytes JMP 0000000100271284
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefdef6e00 5 bytes JMP 000007ff7df11dac
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefdef6f2c 5 bytes JMP 000007ff7df10ecc
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefdef7220 5 bytes JMP 000007ff7df11284
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefdef739c 5 bytes JMP 000007ff7df1163c
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefdef7538 5 bytes JMP 000007ff7df119f4
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdef75e8 5 bytes JMP 000007ff7df103a4
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdef790c 5 bytes JMP 000007ff7df1075c
.text C:\Windows\System32\svchost.exe[5188] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefdef7ab4 5 bytes JMP 000007ff7df10b14
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077473ae0 5 bytes JMP 000000010027075c
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077477a90 5 bytes JMP 00000001002703a4
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000774a1490 5 bytes JMP 0000000100270b14
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000774a14f0 5 bytes JMP 0000000100270ecc
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 000000010027163c
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000774a1810 5 bytes JMP 0000000100271284
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefdef6e00 5 bytes JMP 000007ff7df11dac
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefdef6f2c 5 bytes JMP 000007ff7df10ecc
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefdef7220 5 bytes JMP 000007ff7df11284
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefdef739c 5 bytes JMP 000007ff7df1163c
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefdef7538 5 bytes JMP 000007ff7df119f4
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdef75e8 5 bytes JMP 000007ff7df103a4
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdef790c 5 bytes JMP 000007ff7df1075c
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[572] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefdef7ab4 5 bytes JMP 000007ff7df10b14
.text C:\Windows\system32\wbem\wmiprvse.exe[5308] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[5308] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefdef6e00 5 bytes JMP 000007ff7df11dac
.text C:\Windows\system32\wbem\wmiprvse.exe[5308] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefdef6f2c 5 bytes JMP 000007ff7df10ecc
.text C:\Windows\system32\wbem\wmiprvse.exe[5308] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefdef7220 5 bytes JMP 000007ff7df11284
.text C:\Windows\system32\wbem\wmiprvse.exe[5308] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefdef739c 5 bytes JMP 000007ff7df1163c
.text C:\Windows\system32\wbem\wmiprvse.exe[5308] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefdef7538 5 bytes JMP 000007ff7df119f4
.text C:\Windows\system32\wbem\wmiprvse.exe[5308] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdef75e8 5 bytes JMP 000007ff7df103a4
.text C:\Windows\system32\wbem\wmiprvse.exe[5308] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdef790c 5 bytes JMP 000007ff7df1075c
.text C:\Windows\system32\wbem\wmiprvse.exe[5308] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefdef7ab4 5 bytes JMP 000007ff7df10b14
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077473ae0 5 bytes JMP 00000001003b075c
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077477a90 5 bytes JMP 00000001003b03a4
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000774a1490 5 bytes JMP 00000001003b0b14
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000774a14f0 5 bytes JMP 00000001003b0ecc
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000001003b163c
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000774a1810 5 bytes JMP 00000001003b1284
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefdef6e00 5 bytes JMP 000007ff7df11dac
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefdef6f2c 5 bytes JMP 000007ff7df10ecc
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefdef7220 5 bytes JMP 000007ff7df11284
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefdef739c 5 bytes JMP 000007ff7df1163c
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefdef7538 5 bytes JMP 000007ff7df119f4
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdef75e8 5 bytes JMP 000007ff7df103a4
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdef790c 5 bytes JMP 000007ff7df1075c
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3488] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefdef7ab4 5 bytes JMP 000007ff7df10b14
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077473ae0 5 bytes JMP 00000001002e075c
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077477a90 5 bytes JMP 00000001002e03a4
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600440
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600430
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000774a1490 5 bytes JMP 00000001002e0b14
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000774a14f0 5 bytes JMP 00000001002e0ecc
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 1 byte JMP 0000000077600450
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000774a15c2 3 bytes {JMP 0x15ee90}
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000001002e163c
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 0000000077600380
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600410
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 0000000077600390
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000774a1810 5 bytes JMP 00000001002e1284
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003c0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600460
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 0000000077600370
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003a0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 00000000776003e0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 0000000077600470
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 0000000077600480
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600420
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 1 byte JMP 00000000776003d0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 2 00000000774a2842 3 bytes {JMP 0x15db90}
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 00000000776003f0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600400
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007707eecd 1 byte [62]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefdef6e00 5 bytes JMP 000007ff7df11dac
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefdef6f2c 5 bytes JMP 000007ff7df10ecc
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefdef7220 5 bytes JMP 000007ff7df11284
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefdef739c 5 bytes JMP 000007ff7df1163c
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefdef7538 5 bytes JMP 000007ff7df119f4
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdef75e8 5 bytes JMP 000007ff7df103a4
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdef790c 5 bytes JMP 000007ff7df1075c
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[3624] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefdef7ab4 5 bytes JMP 000007ff7df10b14
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefdef6e00 5 bytes JMP 000007ff7df11dac
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefdef6f2c 5 bytes JMP 000007ff7df10ecc
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefdef7220 5 bytes JMP 000007ff7df11284
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefdef739c 5 bytes JMP 000007ff7df1163c
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefdef7538 5 bytes JMP 000007ff7df119f4
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefdef75e8 5 bytes JMP 000007ff7df103a4
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefdef790c 5 bytes JMP 000007ff7df1075c
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefdef7ab4 5 bytes JMP 000007ff7df10b14
.text C:\Users\Andy Darko\Desktop\hp6j89w4.exe[6056] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007764faa0 5 bytes JMP 0000000100030600
.text C:\Users\Andy Darko\Desktop\hp6j89w4.exe[6056] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007764fb38 5 bytes JMP 0000000100030804
.text C:\Users\Andy Darko\Desktop\hp6j89w4.exe[6056] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007764fc90 5 bytes JMP 0000000100030c0c
 
D

DrewCoop101

Thread Starter
Joined
Dec 9, 2008
Messages
3
.text C:\Users\Andy Darko\Desktop\hp6j89w4.exe[6056] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077650018 5 bytes JMP 0000000100030a08
.text C:\Users\Andy Darko\Desktop\hp6j89w4.exe[6056] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007766c45a 5 bytes JMP 00000001000301f8
.text C:\Users\Andy Darko\Desktop\hp6j89w4.exe[6056] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077671217 5 bytes JMP 00000001000303fc
.text C:\Users\Andy Darko\Desktop\hp6j89w4.exe[6056] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074daa30a 1 byte [62]
.text C:\Users\Andy Darko\Desktop\hp6j89w4.exe[6056] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076d55181 5 bytes JMP 00000001001d1014
.text C:\Users\Andy Darko\Desktop\hp6j89w4.exe[6056] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076d55254 5 bytes JMP 00000001001d0804
.text C:\Users\Andy Darko\Desktop\hp6j89w4.exe[6056] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076d553d5 5 bytes JMP 00000001001d0a08
.text C:\Users\Andy Darko\Desktop\hp6j89w4.exe[6056] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076d554c2 5 bytes JMP 00000001001d0c0c
.text C:\Users\Andy Darko\Desktop\hp6j89w4.exe[6056] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076d555e2 5 bytes JMP 00000001001d0e10
.text C:\Users\Andy Darko\Desktop\hp6j89w4.exe[6056] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076d5567c 5 bytes JMP 00000001001d01f8
.text C:\Users\Andy Darko\Desktop\hp6j89w4.exe[6056] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076d5589f 5 bytes JMP 00000001001d03fc
.text C:\Users\Andy Darko\Desktop\hp6j89w4.exe[6056] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076d55a22 5 bytes JMP 00000001001d0600
.text C:\Users\Andy Darko\Desktop\hp6j89w4.exe[6056] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076c6ee09 5 bytes JMP 00000001001e01f8
.text C:\Users\Andy Darko\Desktop\hp6j89w4.exe[6056] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076c73982 5 bytes JMP 00000001001e03fc
.text C:\Users\Andy Darko\Desktop\hp6j89w4.exe[6056] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076c77603 5 bytes JMP 00000001001e0804
.text C:\Users\Andy Darko\Desktop\hp6j89w4.exe[6056] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076c7835c 5 bytes JMP 00000001001e0600
.text C:\Users\Andy Darko\Desktop\hp6j89w4.exe[6056] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076c8f52b 5 bytes JMP 00000001001e0a08

---- Threads - GMER 2.0 ----

Thread C:\Windows\system32\svchost.exe [4508:4808] 000007fef9043438
Thread C:\Windows\system32\svchost.exe [4508:4856] 000007fefc0f2a7c
Thread C:\Windows\System32\svchost.exe [4588:3608] 000007fef4e99688
Thread C:\Windows\system32\wbem\wmiprvse.exe [4904:3512] 000007fef5531c20
Thread C:\Windows\system32\wbem\wmiprvse.exe [4904:5248] 000007fefdfc0168
Thread C:\Windows\system32\SearchIndexer.exe [5440:5900] 000007fef5635170
Thread C:\Windows\system32\SearchIndexer.exe [5440:2664] 000007fef6e969ac
Thread C:\Windows\system32\SearchIndexer.exe [5440:4236] 000007fef4913dac
Thread C:\Windows\system32\SearchIndexer.exe [5440:3892] 000007fef4911700
Thread C:\Windows\system32\SearchIndexer.exe [5440:4120] 000007fef493b248
Thread C:\Windows\system32\SearchIndexer.exe [5440:4116] 000007fef493c4ac
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1356:5940] 000007fefdfc0168
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1356:2164] 000007fefc0f2a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1356:5868] 000007fef216d618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1356:3036] 000007fefb755124
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1356:868] 000007fef2109730
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1356:4936] 000007fef216d618

---- EOF - GMER 2.0 ----
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Total: 584 (members: 5, guests: 579)
Top