Infected?

  • Infected?

    Good afternoon everyone,

    Here are my logs. Because they are too long, I may have to post certain logs in pieces.

    Kind regards,

    Gentenaarke1977

    Malwarebytes Anti-Malware

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Databaseversie: v2013.11.24.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16428
    Günter Temmerman :: GENTENAARKE1977 [administrator]

    24/11/2013 16:23:32
    mbam-log-2013-11-24 (16-23-32).txt

    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 206233
    Verstreken tijd: 3 minuut/minuten, 39 seconde(n)

    Geheugenprocessen gedetecteerd: 1
    C:\ProgramData\eSafe\eGdpSvc.exe (PUP.Optional.Wsys.A) -> 1680 -> Zal worden verwijderd tijdens het herstarten.

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 17
    HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc (PUP.Optional.Wsys.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} (PUP.Optional.Spigot) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} (PUP.Optional.Spigot) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} (PUP.Optional.Spigot) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} (PUP.Optional.Spigot) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6} (PUP.Optional.Spigot.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\qvo6Software (PUP.Optional.qvo6.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo (PUP.Optional.Elex.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 3
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Data: http://www.delta-search.com/?affID=1...6D6C3BE510FB93 -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Data: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc|ImagePath (PUP.Optional.Esafe.A) -> Data: C:\ProgramData\eSafe\eGdpSvc.exe -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerdata gedetecteerd: 4
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (Hijack.StartPage) -> Slecht: (http://www.qvo6.com/?utm_source=b&ut...&ts=1377459964) Goed: (http://www.google.com) -> Succesvol in quarantaine geplaatst en gerepareerd.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (Hijack.StartPage) -> Slecht: (http://www.qvo6.com/?utm_source=b&ut...&ts=1377459964) Goed: (http://www.google.com) -> Succesvol in quarantaine geplaatst en gerepareerd.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Slecht: (http://www.qvo6.com/?utm_source=b&ut...&ts=1377459964) Goed: (http://www.google.com) -> Succesvol in quarantaine geplaatst en gerepareerd.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Slecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Goed: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Succesvol in quarantaine geplaatst en gerepareerd.

    Mappen gedetecteerd: 25
    C:\Users\Günter Temmerman\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365 (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\app (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\app\config (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\app\config\1 (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\app\config\3 (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\app\config\35 (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\app\config\36 (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\app\config\39 (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\app\config\4 (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\app\config\41 (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\app\config\42 (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\components (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\desk_bkg (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\icons (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\promote (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\sysicons (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\wp (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files (x86)\Desk 365 (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Slick Savings (PUP.Optional.Spigot.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Local\Slick Savings (PUP.Optional.Spigot.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    Bestanden gedetecteerd: 110
    C:\ProgramData\eSafe\eGdpSvc.exe (PUP.Optional.Wsys.A) -> Zal worden verwijderd tijdens het herstarten.
    C:\Users\Günter Temmerman\AppData\Roaming\Slick Savings\Coupons.dll (PUP.Optional.Spigot) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\eIntaller\605FE4D8242E4ab6BFA39F7752A7A0EF\Desk365.exe (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Omiga Plus\wallpaper_components.exe (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\Downloads\iLividSetup-r1111-n-bc.exe (PUP.Optional.Bandoo) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\Downloads\SoftonicDownloader_voor_soluto.exe (PUP.Optional.Softonic.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\Downloads\winamp563_full_emusic-7plus_all.exe (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\promote.xml (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\accelerate (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\desk_bkg_list.xml (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\desk_list.xml (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\desk_settings.ini (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\firstrun (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\process_mgr.xml (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\app\config\1\angrybirds.db (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\app\config\1\angrybirds.ico (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\app\config\3\BigFarm.db (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\app\config\3\BigFarm.ico (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\app\config\35\Gmail.db (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\app\config\35\Gmail.ico (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\app\config\36\Outlook.db (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\app\config\36\Outlook.ico (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\app\config\39\ESPN.db (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\app\config\39\ESPN.ico (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\app\config\4\Empire.db (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\app\config\4\Empire.ico (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\app\config\41\gcalendar.db (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\app\config\41\gcalendar.ico (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\app\config\42\pulse.db (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\app\config\42\pulse.ico (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\components\component_libcef_1.1364.1123.exe (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\components\libcef_1.1364_wallpaper.exe (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_1.png (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_2.png (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_3.png (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_4.png (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_5.png (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_default.png (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\icons\337_7c9140b13c049fd26989f7fa25b77cb1_48_48.png (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\icons\angrybirds_00ff92c12703baaf0130d6aec427d047_48_48.png (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\icons\Barbie_00a67ff4ef657679a6c88553135d62ad_48_48.png (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\icons\BigFarm_de933b0e5218a4db24bebe3d55ed3558_48_48.png (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\icons\chrome_11b8eaa35f69fcbc0260d41bfa69bf49.ico (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\icons\chrome_11b8eaa35f69fcbc0260d41bfa69bf49_48_48.png (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\icons\Desk Tunes_f5a3634da66adcdd76267331ac178e18_48_48.png (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\icons\Empire_22b42f57d1c467841280810e218d5510_48_48.png (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\icons\ESPN_a7b078f5f5f5b87efcef66ab5783cf9d_48_48.png (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\icons\Facebook_aab07bc79cf599b25c0110f32d46a3ef_48_48.png (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\icons\gcalendar_50b3e3c5fc202f0cfcae8032b2465c1b_48_48.png (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\icons\Gmail_731b6d011bd9f67463a916a496775935_48_48.png (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\icons\Google_60d75cb277f0c452fa60dba8350caf65_48_48.png (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\icons\iexplore_866f9b5d10d931b638c5c4af0c0ad78a.ico (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\icons\iexplore_866f9b5d10d931b638c5c4af0c0ad78a_48_48.png (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\icons\Mario_52934d81761dc31187a93a3a0be7fecc_48_48.png (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\icons\Outlook_6f817b67fa6af1a9c8abfa3813a8595c_48_48.png (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\icons\pulse_b5a242da04cc06eacd02b1ca41e3583c_48_48.png (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\icons\sys_computer_48_48.png (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\icons\sys_control_panel_48_48.png (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\icons\sys_my_documents_48_48.png (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\icons\Twitter_ebddd85ec04b7b94a2b2e97b73a90a4a_48_48.png (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\icons\Youtube_bf18fdfc4aefd6417a8bacae4be5b415_48_48.png (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\promote\337.ico (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\promote\337_7c9140b13c049fd26989f7fa25b77cb1.ico (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\promote\barbie.ico (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\promote\Barbie_00a67ff4ef657679a6c88553135d62ad.ico (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\promote\facebook.ico (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\promote\Facebook_aab07bc79cf599b25c0110f32d46a3ef.ico (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\promote\GameCenter.ico (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\promote\google.ico (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\promote\Google_60d75cb277f0c452fa60dba8350caf65.ico (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\promote\mario.ico (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\promote\Mario_52934d81761dc31187a93a3a0be7fecc.ico (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\promote\twitter.ico (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\promote\Twitter_ebddd85ec04b7b94a2b2e97b73a90a4a.ico (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\promote\v9.ico (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\promote\youtube.ico (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\promote\Youtube_bf18fdfc4aefd6417a8bacae4be5b415.ico (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\sysicons\0737cc0646562366bf607aa1fa2a03bd_21.ico (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\sysicons\07584c03a5dd11a6104e45e8ad03b3fe_104.ico (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\sysicons\07584c03a5dd11a6104e45e8ad03b3fe_107.ico (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\wp\r0.jpg (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\wp\r1.jpg (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\wp\r2.jpg (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\wp\r3.jpg (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\wp\r4.jpg (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\wp\r5.jpg (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\wp\r6.jpg (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\wp\r7.jpg (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\wp\r8.jpg (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Desk 365\wp\r9.jpg (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files (x86)\Desk 365\promote.xml (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files (x86)\Desk 365\desk_bkg_list.xml (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files (x86)\Desk 365\desk_list.xml (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files (x86)\Desk 365\desk_settings.ini (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files (x86)\Desk 365\process_mgr.xml (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files (x86)\Desk 365\recent.xml (PUP.Optional.Desk365.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Local\Google\Chrome\User Data\Default\bprotector web data (PUP.Optional.BProtector.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Slick Savings\coupons_2.4.crx (PUP.Optional.Spigot.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Slick Savings\Coupons64.dll (PUP.Optional.Spigot.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Slick Savings\CouponsHelper.exe (PUP.Optional.Spigot.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Slick Savings\coupons_2.8.xpi (PUP.Optional.Spigot.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\Slick Savings\Uninstall.exe (PUP.Optional.Spigot.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Local\Slick Savings\coupons.crx (PUP.Optional.Spigot.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\BabSolution\Shared\BabMaint.exe (PUP.Optional.BabSolution.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\BabSolution\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\BabSolution\Shared\Delta.ico (PUP.Optional.BabSolution.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\BabSolution\Shared\GUninstaller.exe (PUP.Optional.BabSolution.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\BabSolution\Shared\SetupParams.ini (PUP.Optional.BabSolution.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Günter Temmerman\AppData\Roaming\BabSolution\Shared\sqlite3.dll (PUP.Optional.BabSolution.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)
    Last edited by Gentenaarke1977; 24-11-13, 15:55.

  • #2
    DDS log file

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
    Run by Günter Temmerman at 16:36:30 on 2013-11-24
    Microsoft Windows 7 Professional 6.1.7601.1.1252.32.1043.18.3984.1911 [GMT 1:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
    C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
    C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
    C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    c:\program files (x86)\hewlett-packard\hp protecttools security manager\bin\dpagent.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\UI0Detect.exe
    C:\Windows\servicing\TrustedInstaller.exe
    c:\program files\soluto\soluto.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
    C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
    c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\Google\Google Talk\googletalk.exe
    C:\Users\Günter Temmerman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
    C:\Users\Günter Temmerman\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
    C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Users\Günter Temmerman\Desktop\dds.com
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.be/
    uDefault_Page_URL = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    mDefault_Page_URL = hxxp://www.google.com
    uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.2\iobitappsToolbarIE.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.2\iobitappsToolbarIE.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: File Sanitizer for HP ProtectTools: {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
    BHO: AccelerateTab: {48A789BF-F6D6-4930-9C8B-77855A63EDE1} - C:\Program Files (x86)\Secure Speed Dial\IE\SpeedDial.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
    TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.2\iobitappsToolbarIE.dll
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart
    uRun: [Facebook Update] "C:\Users\Günter Temmerman\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [Spotify] "C:\Users\Günter Temmerman\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    uRun: [Spotify Web Helper] "C:\Users\Günter Temmerman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    uRun: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
    mRun: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
    mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
    mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
    mRun: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\034474a2-20f9-41da-9d8c-3238131beec7.exe /check
    StartupFolder: C:\Users\GNTERT~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Günter Temmerman\AppData\Roaming\Dropbox\bin\Dropbox.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 195.130.131.2 195.130.130.130
    TCP: Interfaces\{B0B1D9CA-D85E-43D8-B1CB-BA2F7784489B} : DHCPNameServer = 195.130.131.2 195.130.130.130
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Notify: DeviceNP - DeviceNP.dll
    SSODL: WebCheck - <orphaned>
    LSA: Notification Packages = DPPassFilter scecli
    mASetup: {438363A8-F486-4C37-834C-4955773CB3D3} - msiexec /fu {438363A8-F486-4C37-834C-4955773CB3D3} /qn
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD5000AAKX-60U6AA0_WD-WCC2EX11933219332&ts=1377459964
    x64-mDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD5000AAKX-60U6AA0_WD-WCC2EX11933219332&ts=1377459964
    x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,c:\program files (x86)\hewlett-packard\hp protecttools security manager\bin\dpagent.exe,c:\program files\soluto\soluto.exe /userinit
    x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
    x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Slick Savings: {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -
    x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
    x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
    x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.2\iobitappsToolbarIE64.dll
    x64-Run: [HPSYSDRV] C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE
    x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
    x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
    x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
    x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
    x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
    x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-7-17 65336]
    R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-7-17 204880]
    R0 MfeEpeOpal;MfeEpeOpal;C:\Windows\System32\drivers\MfeEpeOpal.sys [2012-7-12 90736]
    R0 MfeEpePc;MfeEpePc;C:\Windows\System32\drivers\MfeEpePc.sys [2012-7-12 158832]
    R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-11-21 17720]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-7-17 1030952]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-7-17 378944]
    R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2013-11-21 878368]
    R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2013-11-8 807800]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-7-17 33400]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-7-17 80816]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-15 46808]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2012-3-9 372824]
    R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-11-21 335168]
    R2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-11-21 2151200]
    R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2012-7-11 1327104]
    R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2013-3-14 1134624]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
    R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-11-20 289496]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
    R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2013-7-14 11576]
    R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-11-21 23048]
    R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2013-11-21 34336]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-11-20 883928]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
    R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2013-11-21 23016]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SecureUpdateSvc;SecureUpdate;C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [2013-10-1 2473296]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
    S3 A38CCID;CCID USB Smart Card Reader;C:\Windows\System32\drivers\a38ccid.sys [2013-1-30 46720]
    S3 DAMDrv;DAMDrv;C:\Windows\System32\drivers\DAMDrv64.sys [2012-9-4 64832]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
    S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2012-9-4 477088]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-19 111616]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-1 19456]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-10-1 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-10-1 30208]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-17 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-11-24 15:36:30 -------- d-----w- C:\Users\Günter Temmerman\AppData\Local\Microsoft
    2013-11-24 15:22:17 -------- d-----w- C:\Users\Günter Temmerman\AppData\Roaming\Malwarebytes
    2013-11-24 15:21:57 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-11-24 15:21:56 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-11-24 15:21:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-11-23 12:58:45 863184 ----a-w- C:\Users\Günter Temmerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\chrome.exe
    2013-11-22 16:19:26 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C3F3BC7F-1D99-41C3-A102-E91F28C5F944}\mpengine.dll
    2013-11-22 05:09:14 32600 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
    2013-11-21 19:38:55 7816704 ----a-w- C:\Windows\System32\ig7icd64.dll
    2013-11-21 19:38:53 6176768 ----a-w- C:\Windows\SysWow64\ig7icd32.dll
    2013-11-21 19:38:51 771056 ----a-w- C:\Windows\System32\hkcmd.exe
    2013-11-21 19:38:47 194048 ----a-w- C:\Windows\System32\gfxSrvc.dll
    2013-11-21 19:38:45 153072 ----a-w- C:\Windows\System32\difx64.exe
    2013-11-21 19:36:10 17720 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
    2013-11-21 19:35:11 -------- d-----w- C:\ProgramData\ProductData
    2013-11-21 19:35:04 -------- d-----w- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
    2013-11-21 19:34:53 -------- d-----w- C:\Program Files (x86)\Application Updater
    2013-11-21 19:34:52 -------- d-----w- C:\Program Files (x86)\IObit Apps Toolbar
    2013-11-21 19:34:52 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
    2013-11-20 20:46:33 -------- d-----w- C:\Windows\System32\SRSLabs
    2013-11-20 20:46:03 211184 ----a-w- C:\Windows\System32\SRSTSH64.dll
    2013-11-20 20:46:03 198896 ----a-w- C:\Windows\System32\SRSHP64.dll
    2013-11-20 20:46:01 3707864 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
    2013-11-20 20:46:01 331880 ----a-w- C:\Windows\System32\RtlCPAPI64.dll
    2013-11-20 20:46:01 2810072 ----a-w- C:\Windows\System32\RtPgEx64.dll
    2013-11-20 20:46:01 1662024 ----a-w- C:\Windows\System32\RTSnMg64.cpl
    2013-11-20 20:46:00 2587864 ----a-w- C:\Windows\System32\SETDA4E.tmp
    2013-11-20 20:46:00 14952 ----a-w- C:\Windows\System32\RtkCoLDR64.dll
    2013-11-20 20:46:00 1021656 ----a-w- C:\Windows\System32\RtkApi64.dll
    2013-11-20 20:45:59 617176 ----a-w- C:\Windows\System32\RtDataProc64.dll
    2013-11-20 20:45:59 1286360 ----a-w- C:\Windows\System32\RTCOM64.dll
    2013-11-20 20:45:58 38385664 ----a-w- C:\Windows\System32\RCoRes64.dat
    2013-11-20 20:45:58 153304 ----a-w- C:\Windows\System32\RCoInstII64.dll
    2013-11-20 20:45:47 2743328 ----a-w- C:\Windows\System32\FMAPO64.dll
    2013-11-20 20:45:46 113576 ----a-w- C:\Windows\System32\CONEQMSAPOGUILibrary.dll
    2013-11-20 20:45:45 209096 ----a-w- C:\Windows\System32\AERTAC64.dll
    2013-11-20 20:45:45 108640 ----a-w- C:\Windows\System32\AERTAR64.dll
    2013-11-14 04:44:03 1474048 ----a-w- C:\Windows\System32\crypt32.dll
    2013-11-14 04:44:01 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-11-14 04:43:46 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
    2013-11-14 04:43:36 1930752 ----a-w- C:\Windows\System32\authui.dll
    2013-11-14 04:43:35 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
    2013-11-14 04:43:34 197120 ----a-w- C:\Windows\System32\credui.dll
    2013-11-14 04:43:34 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
    2013-11-14 04:43:34 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
    2013-11-14 04:43:33 168960 ----a-w- C:\Windows\SysWow64\credui.dll
    2013-11-14 04:43:01 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2013-11-14 04:43:01 340992 ----a-w- C:\Windows\System32\schannel.dll
    2013-11-14 04:43:01 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
    2013-11-14 04:43:00 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
    2013-11-14 04:43:00 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2013-11-11 09:48:11 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-11-11 09:48:11 -------- d-----w- C:\Program Files\iTunes
    2013-11-11 09:48:11 -------- d-----w- C:\Program Files\iPod
    2013-11-11 09:48:11 -------- d-----w- C:\Program Files (x86)\iTunes
    .
    ==================== Find3M ====================
    .
    2013-11-21 19:38:51 223744 ----a-w- C:\Windows\System32\hccutils.dll
    2013-11-19 06:13:51 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2013-11-18 02:15:23 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-11-18 02:15:23 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-11-11 04:50:16 267936 ------w- C:\Windows\System32\MpSigStub.exe
    2013-10-14 16:15:28 54728 ----a-w- C:\Windows\System32\drivers\Soluto.sys
    2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
    2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
    2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
    2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
    2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
    2013-10-08 05:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
    2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
    2013-10-01 15:16:27 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2013-10-01 15:16:27 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2013-09-30 08:16:10 268968 ----a-w- C:\Windows\SysWow64\sqlite3.dll
    2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
    2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
    2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
    2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
    2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
    2013-09-09 02:45:59 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2013-09-09 02:45:59 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
    2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
    2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2013-08-30 07:48:10 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2013-08-30 07:48:10 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2013-08-30 07:48:10 204880 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2013-08-30 07:48:10 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2013-08-30 07:48:09 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2013-08-30 07:47:40 41664 ----a-w- C:\Windows\avastSS.scr
    2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
    2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
    2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
    2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
    2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
    2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
    2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
    2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
    .
    ============= FINISH: 16:37:09,73 ===============



    • #3
      GMER 2.1.19163 - http://www.gmer.net
      Rootkit scan 2013-11-24 16:46:37
      Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKX-60U6AA0 rev.18.01H18 465,76GB
      Running: www8ocp5.exe; Driver: C:\Users\GNTERT~1\AppData\Local\Temp\kfpyyaod.sys


      ---- User code sections - GMER 2.1 ----

      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000149de0460
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000149de0450
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000149de0370
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000149de0470
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 0000000149de03e0
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000149de0320
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 0000000149de03b0
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000149de0390
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 0000000149de02e0
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 0000000149de02d0
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000149de0310
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 0000000149de03c0
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 0000000149de03f0
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000149de0230
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000149de0480
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 0000000149de03a0
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 0000000149de02f0
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000149de0350
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000149de0290
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 0000000149de02b0
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 0000000149de03d0
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000149de0330
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000149de0410
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000149de0240
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 0000000149de01e0
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000149de0250
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000149de0490
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 0000000149de04a0
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000149de0300
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000149de0360
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 0000000149de02a0
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 0000000149de02c0
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000149de0380
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000149de0340
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000149de0440
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000149de0260
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000149de0270
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 0000000149de0400
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 0000000149de01f0
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000149de0210
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000149de0200
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000149de0420
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000149de0430
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000149de0220
      .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000149de0280
      .text C:\Windows\system32\wininit.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000077ca0460
      .text C:\Windows\system32\wininit.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000077ca0450
      .text C:\Windows\system32\wininit.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000077ca0370
      .text C:\Windows\system32\wininit.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000077ca0470
      .text C:\Windows\system32\wininit.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 0000000077ca03e0
      .text C:\Windows\system32\wininit.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000077ca0320



      • #4
        .text C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 0000000077ca02c0
        .text C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000077ca0380
        .text C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000077ca0340
        .text C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000077ca0440
        .text C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000077ca0260
        .text C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000077ca0270
        .text C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 0000000077ca0400
        .text C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 0000000077ca01f0
        .text C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000077ca0210
        .text C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000077ca0200
        .text C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000077ca0420
        .text C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000077ca0430
        .text C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000077ca0220
        .text C:\Windows\system32\lsm.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000077ca0280
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000077ca0460
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000077ca0450
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000077ca0370
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000077ca0470
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 0000000077ca03e0
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000077ca0320
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 0000000077ca03b0
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000077ca0390
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 0000000077ca02e0
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 0000000077ca02d0
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000077ca0310
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 0000000077ca03c0
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 0000000077ca03f0
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000077ca0230
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000077ca0480
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 0000000077ca03a0
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 0000000077ca02f0
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000077ca0350
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000077ca0290
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 0000000077ca02b0
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 0000000077ca03d0
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000077ca0330
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000077ca0410
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000077ca0240
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 0000000077ca01e0
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000077ca0250
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000077ca0490
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 0000000077ca04a0
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000077ca0300
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000077ca0360
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 0000000077ca02a0
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 0000000077ca02c0
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000077ca0380
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000077ca0340
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000077ca0440
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000077ca0260
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000077ca0270
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 0000000077ca0400
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 0000000077ca01f0
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000077ca0210
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000077ca0200
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000077ca0420
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000077ca0430
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000077ca0220
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000077ca0280
        .text C:\Windows\system32\svchost.exe[936] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a2eecd 1 byte [62]
        .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe[1000] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000771ca2ba 1 byte [62]
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000077ca0460
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000077ca0450
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000077ca0370
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000077ca0470
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 0000000077ca03e0
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000077ca0320
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 0000000077ca03b0
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000077ca0390
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 0000000077ca02e0
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 0000000077ca02d0
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000077ca0310
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 0000000077ca03c0
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 0000000077ca03f0
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000077ca0230
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000077ca0480
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 0000000077ca03a0
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 0000000077ca02f0
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000077ca0350
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000077ca0290
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 0000000077ca02b0
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 0000000077ca03d0
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000077ca0330
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000077ca0410
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000077ca0240
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 0000000077ca01e0
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000077ca0250
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000077ca0490
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 0000000077ca04a0
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000077ca0300
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000077ca0360
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 0000000077ca02a0
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 0000000077ca02c0
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000077ca0380
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000077ca0340
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000077ca0440
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000077ca0260
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000077ca0270
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 0000000077ca0400
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 0000000077ca01f0
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000077ca0210
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000077ca0200
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000077ca0420
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000077ca0430
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000077ca0220
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000077ca0280
        .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[500] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000077a2eecd 1 byte [62]
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000077ca0460
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000077ca0450
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000077ca0370
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000077ca0470
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 0000000077ca03e0
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000077ca0320
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 0000000077ca03b0
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000077ca0390
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 0000000077ca02e0
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 0000000077ca02d0
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000077ca0310
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 0000000077ca03c0
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 0000000077ca03f0
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000077ca0230
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000077ca0480
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 0000000077ca03a0
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 0000000077ca02f0
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000077ca0350
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000077ca0290
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 0000000077ca02b0
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 0000000077ca03d0
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000077ca0330
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000077ca0410
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000077ca0240
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 0000000077ca01e0
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000077ca0250
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000077ca0490
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 0000000077ca04a0
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000077ca0300
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000077ca0360
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 0000000077ca02a0
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 0000000077ca02c0
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000077ca0380
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000077ca0340
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000077ca0440
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000077ca0260
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000077ca0270
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 0000000077ca0400
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 0000000077ca01f0
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000077ca0210
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000077ca0200
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000077ca0420
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000077ca0430
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000077ca0220
        .text C:\Windows\system32\svchost.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000077ca0280



        • #5
          .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000077ca0430
          .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000077ca0220
          .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000077ca0280
          .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[636] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a2eecd 1 byte [62]
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000077ca0460
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000077ca0450
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000077ca0370
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000077ca0470
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 0000000077ca03e0
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000077ca0320
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 0000000077ca03b0
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000077ca0390
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 0000000077ca02e0
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 0000000077ca02d0
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000077ca0310
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 0000000077ca03c0
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 0000000077ca03f0
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000077ca0230
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000077ca0480
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 0000000077ca03a0
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 0000000077ca02f0
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000077ca0350
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000077ca0290
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 0000000077ca02b0
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 0000000077ca03d0
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000077ca0330
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000077ca0410
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000077ca0240
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 0000000077ca01e0
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000077ca0250
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000077ca0490
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 0000000077ca04a0
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000077ca0300
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000077ca0360
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 0000000077ca02a0
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 0000000077ca02c0
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000077ca0380
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000077ca0340
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000077ca0440
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000077ca0260
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000077ca0270
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 0000000077ca0400
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 0000000077ca01f0
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000077ca0210
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000077ca0200
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000077ca0420
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000077ca0430
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000077ca0220
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000077ca0280
          .text C:\Windows\System32\svchost.exe[448] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a2eecd 1 byte [62]
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000077ca0460
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000077ca0450
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000077ca0370
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000077ca0470
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 0000000077ca03e0
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000077ca0320
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 0000000077ca03b0
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000077ca0390
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 0000000077ca02e0
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 0000000077ca02d0
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000077ca0310
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 0000000077ca03c0
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 0000000077ca03f0
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000077ca0230
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000077ca0480
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 0000000077ca03a0
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 0000000077ca02f0
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000077ca0350
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000077ca0290
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 0000000077ca02b0
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 0000000077ca03d0
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000077ca0330
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000077ca0410
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000077ca0240
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 0000000077ca01e0
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000077ca0250
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000077ca0490
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 0000000077ca04a0
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000077ca0300
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000077ca0360
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 0000000077ca02a0
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 0000000077ca02c0
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000077ca0380
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000077ca0340
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000077ca0440
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000077ca0260
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000077ca0270
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 0000000077ca0400
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 0000000077ca01f0
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000077ca0210
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000077ca0200
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000077ca0420
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000077ca0430
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000077ca0220
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000077ca0280
          .text C:\Windows\System32\svchost.exe[400] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a2eecd 1 byte [62]
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000077ca0460
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000077ca0450
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000077ca0370
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000077ca0470
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 0000000077ca03e0
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000077ca0320
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 0000000077ca03b0
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000077ca0390
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 0000000077ca02e0
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 0000000077ca02d0
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000077ca0310
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 0000000077ca03c0
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 0000000077ca03f0
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000077ca0230
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000077ca0480
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 0000000077ca03a0
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 0000000077ca02f0
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000077ca0350
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000077ca0290
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 0000000077ca02b0
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 0000000077ca03d0
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000077ca0330
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000077ca0410
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000077ca0240
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 0000000077ca01e0
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000077ca0250
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000077ca0490
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 0000000077ca04a0
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000077ca0300
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000077ca0360
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 0000000077ca02a0
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 0000000077ca02c0
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000077ca0380
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000077ca0340
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000077ca0440
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000077ca0260
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000077ca0270
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 0000000077ca0400
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 0000000077ca01f0
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000077ca0210
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000077ca0200
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000077ca0420
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000077ca0430
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000077ca0220
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000077ca0280
          .text C:\Windows\system32\svchost.exe[1028] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a2eecd 1 byte [62]
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000077ca0460
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000077ca0450
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000077ca0370
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000077ca0470
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 0000000077ca03e0
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000077ca0320
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 0000000077ca03b0
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000077ca0390
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 0000000077ca02e0
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 0000000077ca02d0
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000077ca0310
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 0000000077ca03c0
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 0000000077ca03f0
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000077ca0230
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000077ca0480
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 0000000077ca03a0
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 0000000077ca02f0
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000077ca0350
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000077ca0290
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 0000000077ca02b0
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 0000000077ca03d0
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000077ca0330
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000077ca0410
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000077ca0240
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 0000000077ca01e0
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000077ca0250
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000077ca0490
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 0000000077ca04a0
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000077ca0300
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000077ca0360
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 0000000077ca02a0
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 0000000077ca02c0
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000077ca0380
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000077ca0340
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000077ca0440
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000077ca0260
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000077ca0270
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 0000000077ca0400
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 0000000077ca01f0
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000077ca0210
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000077ca0200
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000077ca0420
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000077ca0430
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000077ca0220
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000077ca0280
          .text C:\Windows\system32\svchost.exe[1052] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a2eecd 1 byte [62]


          • #6
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000077ca0460
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000077ca0450
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000077ca0370
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000077ca0470
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 0000000077ca03e0
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000077ca0320
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 0000000077ca03b0
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000077ca0390
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 0000000077ca02e0
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 0000000077ca02d0
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000077ca0310
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 0000000077ca03c0
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 0000000077ca03f0
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000077ca0230
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000077ca0480
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 0000000077ca03a0
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 0000000077ca02f0
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000077ca0350
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000077ca0290
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 0000000077ca02b0
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 0000000077ca03d0
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000077ca0330
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000077ca0410
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000077ca0240
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 0000000077ca01e0
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000077ca0250
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000077ca0490
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 0000000077ca04a0
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000077ca0300
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000077ca0360
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 0000000077ca02a0
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 0000000077ca02c0
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000077ca0380
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000077ca0340
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000077ca0440
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000077ca0260
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000077ca0270
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 0000000077ca0400
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 0000000077ca01f0
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000077ca0210
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000077ca0200
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000077ca0420
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000077ca0430
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000077ca0220
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000077ca0280
            .text C:\Windows\system32\AUDIODG.EXE[1116] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000077a2eecd 1 byte [62]
            .text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1292] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a2eecd 1 byte [62]
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000077ca0460
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000077ca0450
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000077ca0370
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000077ca0470
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 0000000077ca03e0
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000077ca0320
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 0000000077ca03b0
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000077ca0390
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 0000000077ca02e0
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 0000000077ca02d0
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000077ca0310
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 0000000077ca03c0
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 0000000077ca03f0
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000077ca0230
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000077ca0480
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 0000000077ca03a0
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 0000000077ca02f0
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000077ca0350
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000077ca0290
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 0000000077ca02b0
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 0000000077ca03d0
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000077ca0330
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000077ca0410
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000077ca0240
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 0000000077ca01e0
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000077ca0250
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000077ca0490
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 0000000077ca04a0
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000077ca0300
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000077ca0360
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 0000000077ca02a0
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 0000000077ca02c0
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000077ca0380
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000077ca0340
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000077ca0440
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000077ca0260
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000077ca0270
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 0000000077ca0400
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 0000000077ca01f0
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000077ca0210
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000077ca0200
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000077ca0420
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000077ca0430
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000077ca0220
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000077ca0280
            .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1316] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a2eecd 1 byte [62]
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000077ca0460
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000077ca0450
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000077ca0370
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000077ca0470
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 0000000077ca03e0
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000077ca0320
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 0000000077ca03b0
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000077ca0390
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 0000000077ca02e0
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 0000000077ca02d0
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000077ca0310
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 0000000077ca03c0
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 0000000077ca03f0
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000077ca0230
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000077ca0480
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 0000000077ca03a0
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 0000000077ca02f0
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000077ca0350
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000077ca0290
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 0000000077ca02b0
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 0000000077ca03d0
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000077ca0330
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000077ca0410
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000077ca0240
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 0000000077ca01e0
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000077ca0250
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000077ca0490
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 0000000077ca04a0
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000077ca0300
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000077ca0360
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 0000000077ca02a0
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 0000000077ca02c0
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000077ca0380
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000077ca0340
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000077ca0440
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000077ca0260
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000077ca0270
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 0000000077ca0400
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 0000000077ca01f0
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000077ca0210
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000077ca0200
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000077ca0420
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000077ca0430
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000077ca0220
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000077ca0280
            .text C:\Windows\system32\svchost.exe[1340] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a2eecd 1 byte [62]
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000077ca0460
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000077ca0450
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000077ca0370
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000077ca0470
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 0000000077ca03e0
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000077ca0320
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 0000000077ca03b0
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000077ca0390
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 0000000077ca02e0
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 0000000077ca02d0
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000077ca0310
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 0000000077ca03c0
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 0000000077ca03f0
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000077ca0230
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000077ca0480
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 0000000077ca03a0
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 0000000077ca02f0
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000077ca0350
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000077ca0290
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 0000000077ca02b0
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 0000000077ca03d0
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000077ca0330
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000077ca0410
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000077ca0240
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 0000000077ca01e0
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000077ca0250
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000077ca0490
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 0000000077ca04a0
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000077ca0300
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000077ca0360
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 0000000077ca02a0
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 0000000077ca02c0
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000077ca0380
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000077ca0340
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000077ca0440
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000077ca0260
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000077ca0270
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 0000000077ca0400
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 0000000077ca01f0
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000077ca0210
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000077ca0200
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000077ca0420
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000077ca0430
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000077ca0220
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000077ca0280
            .text C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a2eecd 1 byte [62]
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000077ca0460
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000077ca0450
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000077ca0370
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000077ca0470
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 0000000077ca03e0
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000077ca0320
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 0000000077ca03b0
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000077ca0390
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 0000000077ca02e0
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 0000000077ca02d0
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000077ca0310
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 0000000077ca03c0
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 0000000077ca03f0
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000077ca0230
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000077ca0480
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 0000000077ca03a0
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 0000000077ca02f0
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000077ca0350
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000077ca0290
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 0000000077ca02b0
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 0000000077ca03d0
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000077ca0330
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000077ca0410
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000077ca0240
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 0000000077ca01e0
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000077ca0250
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000077ca0490
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 0000000077ca04a0
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000077ca0300
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000077ca0360
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 0000000077ca02a0
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 0000000077ca02c0
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000077ca0380
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000077ca0340
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000077ca0440
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000077ca0260
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000077ca0270
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 0000000077ca0400
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 0000000077ca01f0
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000077ca0210
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000077ca0200
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000077ca0420
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000077ca0430
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000077ca0220
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000077ca0280
            .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a2eecd 1 byte [62]

            • #7
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000077ca0460
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000077ca0450
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000077ca0370
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000077ca0470
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 0000000077ca03e0
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000077ca0320
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 0000000077ca03b0
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000077ca0390
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 0000000077ca02e0
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 0000000077ca02d0
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000077ca0310
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 0000000077ca03c0
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 0000000077ca03f0
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000077ca0230
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000077ca0480
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 0000000077ca03a0
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 0000000077ca02f0
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000077ca0350
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000077ca0290
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 0000000077ca02b0
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 0000000077ca03d0
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000077ca0330
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000077ca0410
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000077ca0240
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 0000000077ca01e0
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000077ca0250
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000077ca0490
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 0000000077ca04a0
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000077ca0300
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000077ca0360
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 0000000077ca02a0
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 0000000077ca02c0
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000077ca0380
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000077ca0340
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000077ca0440
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000077ca0260
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000077ca0270
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 0000000077ca0400
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 0000000077ca01f0
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000077ca0210
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000077ca0200
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000077ca0420
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000077ca0430
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000077ca0220
              .text C:\Windows\system32\taskeng.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000077ca0280
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000077ca0460
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000077ca0450
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000077ca0370
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000077ca0470
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 0000000077ca03e0
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000077ca0320
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 0000000077ca03b0
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000077ca0390
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 0000000077ca02e0
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 0000000077ca02d0
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000077ca0310
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 0000000077ca03c0
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 0000000077ca03f0
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000077ca0230
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000077ca0480
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 0000000077ca03a0
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 0000000077ca02f0
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000077ca0350
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000077ca0290
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 0000000077ca02b0
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 0000000077ca03d0
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000077ca0330
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000077ca0410
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000077ca0240
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 0000000077ca01e0
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000077ca0250
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000077ca0490
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 0000000077ca04a0
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000077ca0300
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000077ca0360
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 0000000077ca02a0
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 0000000077ca02c0
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000077ca0380
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000077ca0340
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000077ca0440
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000077ca0260
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000077ca0270
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 0000000077ca0400
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 0000000077ca01f0
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000077ca0210
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000077ca0200
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000077ca0420
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000077ca0430
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000077ca0220
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000077ca0280
              .text C:\Windows\system32\svchost.exe[1832] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a2eecd 1 byte [62]
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000077ca0460
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000077ca0450
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000077ca0370
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000077ca0470
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 0000000077ca03e0
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000077ca0320
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 0000000077ca03b0
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000077ca0390
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 0000000077ca02e0
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 0000000077ca02d0
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000077ca0310
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 0000000077ca03c0
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 0000000077ca03f0
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000077ca0230
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000077ca0480
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 0000000077ca03a0
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 0000000077ca02f0
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000077ca0350
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000077ca0290
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 0000000077ca02b0
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 0000000077ca03d0
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000077ca0330
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000077ca0410
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000077ca0240
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 0000000077ca01e0
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000077ca0250
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000077ca0490
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 0000000077ca04a0
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000077ca0300
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000077ca0360
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 0000000077ca02a0
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 0000000077ca02c0
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000077ca0380
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000077ca0340
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000077ca0440
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000077ca0260
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000077ca0270
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 0000000077ca0400
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 0000000077ca01f0
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000077ca0210
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000077ca0200
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000077ca0420
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000077ca0430
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000077ca0220
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000077ca0280
              .text C:\Windows\system32\svchost.exe[1880] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a2eecd 1 byte [62]
              .text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[1904] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000771ca2ba 1 byte [62]
              .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1996] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000771ca2ba 1 byte [62]
              .text C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe[1048] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000771ca2ba 1 byte [62]
              .text C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e01465 2 bytes [E0, 76]
              .text C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e014bb 2 bytes [E0, 76]
              .text ... * 2
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000100070460
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000100070450
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000100070370
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000100070470
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 00000001000703e0
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000100070320
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 00000001000703b0
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000100070390
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 00000001000702e0
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 00000001000702d0
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000100070310
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 00000001000703c0
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 00000001000703f0
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000100070230
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000100070480
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 00000001000703a0
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 00000001000702f0
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000100070350
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000100070290
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 00000001000702b0
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 00000001000703d0
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000100070330
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000100070410
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000100070240
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 00000001000701e0
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000100070250
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000100070490
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 00000001000704a0
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000100070300
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000100070360
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 00000001000702a0
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 00000001000702c0
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000100070380
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000100070340
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000100070440
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000100070260
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000100070270
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 0000000100070400
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 00000001000701f0
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000100070210
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000100070200
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000100070420
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000100070430
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000100070220
              .text C:\Program Files\Bonjour\mDNSResponder.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000100070280
              .text c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe[1676] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000771ca2ba 1 byte [62]
              .text C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe[1588] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000771ca2ba 1 byte [62]
              .text C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe[1204] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000771ca2ba 1 byte [62]
              .text C:\Program Files (x86)\PDF Complete\pdfsvc.exe[2056] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000771ca2ba 1 byte [62]
              .text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2160] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000771ca2ba 1 byte [62]
              .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2456] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000771ca2ba 1 byte [62]
              .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2524] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000771ca2ba 1 byte [62]
              .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2940] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077cefac0 5 bytes JMP 0000000100030600
              .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2940] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077cefb58 5 bytes JMP 0000000100030804
              .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2940] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077cefcb0 5 bytes JMP 0000000100030c0c
              .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2940] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077cf0038 5 bytes JMP 0000000100030a08
              .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2940] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077cf1920 5 bytes JMP 0000000100030e10
              .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2940] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d0c4dd 5 bytes JMP 00000001000301f8
              .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2940] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077d11287 5 bytes JMP 00000001000303fc
              .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2940] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000771ca2ba 1 byte [62]
              .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2940] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077175181 5 bytes JMP 0000000100101014
              .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2940] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077175254 5 bytes JMP 0000000100100804
              .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2940] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000771753d5 5 bytes JMP 0000000100100a08
              .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2940] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000771754c2 5 bytes JMP 0000000100100c0c
              .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2940] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000771755e2 5 bytes JMP 0000000100100e10
              .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2940] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007717567c 5 bytes JMP 00000001001001f8
              .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2940] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007717589f 5 bytes JMP 00000001001003fc
              .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2940] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077175a22 5 bytes JMP 0000000100100600
              .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2940] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007700ee09 5 bytes JMP 00000001001101f8
              .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2940] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000077013982 5 bytes JMP 00000001001103fc
              .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2940] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077017603 5 bytes JMP 0000000100110804
              .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2940] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007701835c 5 bytes JMP 0000000100110600
              .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2940] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007702f52b 5 bytes JMP 0000000100110a08
              .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e01465 2 bytes [E0, 76]
              .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e014bb 2 bytes [E0, 76]
              .text ... * 2



              • #8
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077b13b10 5 bytes JMP 000000010026075c
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077b17ac0 5 bytes JMP 00000001002603a4
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000077ca0460
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000077ca0450
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077b41430 5 bytes JMP 0000000100260b14
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077b41490 5 bytes JMP 0000000100260ecc
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000077ca0370
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000077ca0470
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 000000010026163c
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000077ca0320
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 0000000077ca03b0
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000077ca0390
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 0000000077ca02e0
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 0000000077ca02d0
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000077ca0310
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 0000000077ca03c0
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077b417b0 5 bytes JMP 0000000100261284
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 0000000077ca03f0
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000077ca0230
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000077ca0480
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 0000000077ca03a0
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 0000000077ca02f0
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000077ca0350
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000077ca0290
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 0000000077ca02b0
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 0000000077ca03d0
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000077ca0330
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000077ca0410
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000077ca0240
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 0000000077ca01e0
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000077ca0250
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000077ca0490
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 0000000077ca04a0
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000077ca0300
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000077ca0360
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 0000000077ca02a0
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 0000000077ca02c0
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000077ca0380
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000077ca0340
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000077ca0440
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000077ca0260
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000077ca0270
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 00000001002619f4
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 0000000077ca01f0
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000077ca0210
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000077ca0200
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000077ca0420
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000077ca0430
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000077ca0220
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000077ca0280
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000077a2eecd 1 byte [62]
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde06e00 5 bytes JMP 000007ff7de21dac
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde06f2c 5 bytes JMP 000007ff7de20ecc
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde07220 5 bytes JMP 000007ff7de21284
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde0739c 5 bytes JMP 000007ff7de2163c
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde07538 5 bytes JMP 000007ff7de219f4
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde075e8 5 bytes JMP 000007ff7de203a4
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde0790c 5 bytes JMP 000007ff7de2075c
                .text C:\Windows\system32\taskhost.exe[3148] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde07ab4 5 bytes JMP 000007ff7de20b14
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077b13b10 5 bytes JMP 000000010045075c
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077b17ac0 5 bytes JMP 00000001004503a4
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000077ca0460
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000077ca0450
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077b41430 5 bytes JMP 0000000100450b14
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077b41490 5 bytes JMP 0000000100450ecc
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000077ca0370
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000077ca0470
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 000000010045163c
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000077ca0320
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 0000000077ca03b0
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000077ca0390
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 0000000077ca02e0
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 0000000077ca02d0
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000077ca0310
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 0000000077ca03c0
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077b417b0 5 bytes JMP 0000000100451284
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 0000000077ca03f0
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000077ca0230
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000077ca0480
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 0000000077ca03a0
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 0000000077ca02f0
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000077ca0350
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000077ca0290
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 0000000077ca02b0
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 0000000077ca03d0
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000077ca0330
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000077ca0410
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000077ca0240
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 0000000077ca01e0
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000077ca0250
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000077ca0490
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 0000000077ca04a0
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000077ca0300
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000077ca0360
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 0000000077ca02a0
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 0000000077ca02c0
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000077ca0380
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000077ca0340
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000077ca0440
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000077ca0260
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000077ca0270
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 00000001004519f4
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 0000000077ca01f0
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000077ca0210
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000077ca0200
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000077ca0420
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000077ca0430
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000077ca0220
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000077ca0280
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000077a2eecd 1 byte [62]
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde06e00 5 bytes JMP 000007ff7de21dac
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde06f2c 5 bytes JMP 000007ff7de20ecc
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde07220 5 bytes JMP 000007ff7de21284
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde0739c 5 bytes JMP 000007ff7de2163c
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde07538 5 bytes JMP 000007ff7de219f4
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde075e8 5 bytes JMP 000007ff7de203a4
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde0790c 5 bytes JMP 000007ff7de2075c
                .text C:\Windows\system32\Dwm.exe[3216] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde07ab4 5 bytes JMP 000007ff7de20b14
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077b13b10 5 bytes JMP 00000001001e075c
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077b17ac0 5 bytes JMP 00000001001e03a4
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000077ca0460
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000077ca0450
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077b41430 5 bytes JMP 00000001001e0b14
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077b41490 5 bytes JMP 00000001001e0ecc
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000077ca0370
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000077ca0470
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 00000001001e163c
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000077ca0320
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 0000000077ca03b0
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000077ca0390
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 0000000077ca02e0
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 0000000077ca02d0
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000077ca0310
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 0000000077ca03c0
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077b417b0 5 bytes JMP 00000001001e1284
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 0000000077ca03f0
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000077ca0230
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000077ca0480
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 0000000077ca03a0
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 0000000077ca02f0
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000077ca0350
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000077ca0290
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 0000000077ca02b0
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 0000000077ca03d0
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000077ca0330
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000077ca0410
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000077ca0240
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 0000000077ca01e0
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000077ca0250
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000077ca0490
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 0000000077ca04a0
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000077ca0300
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000077ca0360
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 0000000077ca02a0
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 0000000077ca02c0
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000077ca0380
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000077ca0340
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000077ca0440
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000077ca0260
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000077ca0270
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 00000001001e19f4
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 0000000077ca01f0
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000077ca0210
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000077ca0200
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000077ca0420
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000077ca0430
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000077ca0220
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000077ca0280
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000077a2eecd 1 byte [62]
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde06e00 5 bytes JMP 000007ff7de21dac
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde06f2c 5 bytes JMP 000007ff7de20ecc
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde07220 5 bytes JMP 000007ff7de21284
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde0739c 5 bytes JMP 000007ff7de2163c
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde07538 5 bytes JMP 000007ff7de219f4
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde075e8 5 bytes JMP 000007ff7de203a4
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde0790c 5 bytes JMP 000007ff7de2075c
                .text C:\Windows\Explorer.EXE[3256] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde07ab4 5 bytes JMP 000007ff7de20b14
                .text c:\program files (x86)\hewlett-packard\hp protecttools security manager\bin\dpagent.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077cefac0 5 bytes JMP 0000000100030600
                .text c:\program files (x86)\hewlett-packard\hp protecttools security manager\bin\dpagent.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077cefb58 5 bytes JMP 0000000100030804
                .text c:\program files (x86)\hewlett-packard\hp protecttools security manager\bin\dpagent.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077cefcb0 5 bytes JMP 0000000100030c0c
                .text c:\program files (x86)\hewlett-packard\hp protecttools security manager\bin\dpagent.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077cf0038 5 bytes JMP 0000000100030a08
                .text c:\program files (x86)\hewlett-packard\hp protecttools security manager\bin\dpagent.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077cf1920 5 bytes JMP 0000000100030e10
                .text c:\program files (x86)\hewlett-packard\hp protecttools security manager\bin\dpagent.exe[3468] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d0c4dd 5 bytes JMP 00000001000301f8
                .text c:\program files (x86)\hewlett-packard\hp protecttools security manager\bin\dpagent.exe[3468] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077d11287 5 bytes JMP 00000001000303fc
                .text c:\program files (x86)\hewlett-packard\hp protecttools security manager\bin\dpagent.exe[3468] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000771ca2ba 1 byte [62]
                .text c:\program files (x86)\hewlett-packard\hp protecttools security manager\bin\dpagent.exe[3468] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077175181 5 bytes JMP 0000000100101014
                .text c:\program files (x86)\hewlett-packard\hp protecttools security manager\bin\dpagent.exe[3468] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077175254 5 bytes JMP 0000000100100804
                .text c:\program files (x86)\hewlett-packard\hp protecttools security manager\bin\dpagent.exe[3468] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000771753d5 5 bytes JMP 0000000100100a08
                .text c:\program files (x86)\hewlett-packard\hp protecttools security manager\bin\dpagent.exe[3468] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000771754c2 5 bytes JMP 0000000100100c0c
                .text c:\program files (x86)\hewlett-packard\hp protecttools security manager\bin\dpagent.exe[3468] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000771755e2 5 bytes JMP 0000000100100e10
                .text c:\program files (x86)\hewlett-packard\hp protecttools security manager\bin\dpagent.exe[3468] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007717567c 5 bytes JMP 00000001001001f8
                .text c:\program files (x86)\hewlett-packard\hp protecttools security manager\bin\dpagent.exe[3468] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007717589f 5 bytes JMP 00000001001003fc
                .text c:\program files (x86)\hewlett-packard\hp protecttools security manager\bin\dpagent.exe[3468] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077175a22 5 bytes JMP 0000000100100600
                .text c:\program files (x86)\hewlett-packard\hp protecttools security manager\bin\dpagent.exe[3468] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007700ee09 5 bytes JMP 00000001001101f8
                .text c:\program files (x86)\hewlett-packard\hp protecttools security manager\bin\dpagent.exe[3468] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000077013982 5 bytes JMP 00000001001103fc
                .text c:\program files (x86)\hewlett-packard\hp protecttools security manager\bin\dpagent.exe[3468] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077017603 5 bytes JMP 0000000100110804
                .text c:\program files (x86)\hewlett-packard\hp protecttools security manager\bin\dpagent.exe[3468] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007701835c 5 bytes JMP 0000000100110600
                .text c:\program files (x86)\hewlett-packard\hp protecttools security manager\bin\dpagent.exe[3468] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007702f52b 5 bytes JMP 0000000100110a08
                .text c:\program files (x86)\hewlett-packard\hp protecttools security manager\bin\dpagent.exe[3468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e01465 2 bytes [E0, 76]
                .text c:\program files (x86)\hewlett-packard\hp protecttools security manager\bin\dpagent.exe[3468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e014bb 2 bytes [E0, 76]
                .text ... * 2


                • #9
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077b13b10 5 bytes JMP 00000001003b075c
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077b17ac0 5 bytes JMP 00000001003b03a4
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000077ca0460
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000077ca0450
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077b41430 5 bytes JMP 00000001003b0b14
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077b41490 5 bytes JMP 00000001003b0ecc
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000077ca0370
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000077ca0470
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 00000001003b163c
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000077ca0320
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 0000000077ca03b0
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000077ca0390
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 0000000077ca02e0
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 0000000077ca02d0
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000077ca0310
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 0000000077ca03c0
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077b417b0 5 bytes JMP 00000001003b1284
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 0000000077ca03f0
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000077ca0230
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000077ca0480
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 0000000077ca03a0
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 0000000077ca02f0
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000077ca0350
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000077ca0290
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 0000000077ca02b0
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 0000000077ca03d0
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000077ca0330
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000077ca0410
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000077ca0240
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 0000000077ca01e0
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000077ca0250
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000077ca0490
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 0000000077ca04a0
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000077ca0300
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000077ca0360
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 0000000077ca02a0
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 0000000077ca02c0
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000077ca0380
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000077ca0340
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000077ca0440
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000077ca0260
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000077ca0270
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 00000001003b19f4
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 0000000077ca01f0
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000077ca0210
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000077ca0200
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000077ca0420
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000077ca0430
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000077ca0220
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000077ca0280
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000077a2eecd 1 byte [62]
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde06e00 5 bytes JMP 000007ff7de21dac
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde06f2c 5 bytes JMP 000007ff7de20ecc
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde07220 5 bytes JMP 000007ff7de21284
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde0739c 5 bytes JMP 000007ff7de2163c
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde07538 5 bytes JMP 000007ff7de219f4
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde075e8 5 bytes JMP 000007ff7de203a4
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde0790c 5 bytes JMP 000007ff7de2075c
                  .text C:\Windows\system32\taskeng.exe[3496] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde07ab4 5 bytes JMP 000007ff7de20b14
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077b13b10 5 bytes JMP 00000001001c075c
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077b17ac0 5 bytes JMP 00000001001c03a4
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000077ca0460
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000077ca0450
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077b41430 5 bytes JMP 00000001001c0b14
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077b41490 5 bytes JMP 00000001001c0ecc
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000077ca0370
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000077ca0470
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 00000001001c163c
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000077ca0320
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 0000000077ca03b0
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000077ca0390
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 0000000077ca02e0
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 0000000077ca02d0
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000077ca0310
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 0000000077ca03c0
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077b417b0 5 bytes JMP 00000001001c1284
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 0000000077ca03f0
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000077ca0230
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000077ca0480
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 0000000077ca03a0
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 0000000077ca02f0
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000077ca0350
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000077ca0290
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 0000000077ca02b0
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 0000000077ca03d0
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000077ca0330
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000077ca0410
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000077ca0240
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 0000000077ca01e0
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000077ca0250
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000077ca0490
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 0000000077ca04a0
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000077ca0300
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000077ca0360
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 0000000077ca02a0
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 0000000077ca02c0
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000077ca0380
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000077ca0340
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000077ca0440
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000077ca0260
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000077ca0270
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 00000001001c19f4
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 0000000077ca01f0
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000077ca0210
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000077ca0200
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000077ca0420
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000077ca0430
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000077ca0220
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000077ca0280
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde06e00 5 bytes JMP 000007ff7de21dac
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde06f2c 5 bytes JMP 000007ff7de20ecc
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde07220 5 bytes JMP 000007ff7de21284
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde0739c 5 bytes JMP 000007ff7de2163c
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde07538 5 bytes JMP 000007ff7de219f4
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde075e8 5 bytes JMP 000007ff7de203a4
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde0790c 5 bytes JMP 000007ff7de2075c
                  .text C:\Windows\system32\UI0Detect.exe[3568] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde07ab4 5 bytes JMP 000007ff7de20b14
                  .text C:\Windows\servicing\TrustedInstaller.exe[3740] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde06e00 5 bytes JMP 000007ff7de21dac
                  .text C:\Windows\servicing\TrustedInstaller.exe[3740] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde06f2c 5 bytes JMP 000007ff7de20ecc
                  .text C:\Windows\servicing\TrustedInstaller.exe[3740] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde07220 5 bytes JMP 000007ff7de21284
                  .text C:\Windows\servicing\TrustedInstaller.exe[3740] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde0739c 5 bytes JMP 000007ff7de2163c
                  .text C:\Windows\servicing\TrustedInstaller.exe[3740] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde07538 5 bytes JMP 000007ff7de219f4
                  .text C:\Windows\servicing\TrustedInstaller.exe[3740] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde075e8 5 bytes JMP 000007ff7de203a4
                  .text C:\Windows\servicing\TrustedInstaller.exe[3740] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde0790c 5 bytes JMP 000007ff7de2075c
                  .text C:\Windows\servicing\TrustedInstaller.exe[3740] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde07ab4 5 bytes JMP 000007ff7de20b14
                  .text C:\Windows\System32\WUDFHost.exe[3976] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde06e00 5 bytes JMP 000007ff7de21dac
                  .text C:\Windows\System32\WUDFHost.exe[3976] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde06f2c 5 bytes JMP 000007ff7de20ecc
                  .text C:\Windows\System32\WUDFHost.exe[3976] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde07220 5 bytes JMP 000007ff7de21284
                  .text C:\Windows\System32\WUDFHost.exe[3976] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde0739c 5 bytes JMP 000007ff7de2163c
                  .text C:\Windows\System32\WUDFHost.exe[3976] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde07538 5 bytes JMP 000007ff7de219f4
                  .text C:\Windows\System32\WUDFHost.exe[3976] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde075e8 5 bytes JMP 000007ff7de203a4
                  .text C:\Windows\System32\WUDFHost.exe[3976] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde0790c 5 bytes JMP 000007ff7de2075c
                  .text C:\Windows\System32\WUDFHost.exe[3976] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde07ab4 5 bytes JMP 000007ff7de20b14
                  .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe[4128] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077cefac0 5 bytes JMP 0000000100030600
                  .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe[4128] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077cefb58 5 bytes JMP 0000000100030804
                  .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe[4128] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077cefcb0 5 bytes JMP 0000000100030c0c
                  .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe[4128] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077cf0038 5 bytes JMP 0000000100030a08
                  .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe[4128] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077cf1920 5 bytes JMP 0000000100030e10
                  .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe[4128] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d0c4dd 5 bytes JMP 00000001000301f8
                  .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe[4128] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077d11287 5 bytes JMP 00000001000303fc
                  .text C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077cefac0 5 bytes JMP 0000000100030600
                  .text C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077cefb58 5 bytes JMP 0000000100030804
                  .text C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077cefcb0 5 bytes JMP 0000000100030c0c
                  .text C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077cf0038 5 bytes JMP 0000000100030a08
                  .text C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077cf1920 5 bytes JMP 0000000100030e10
                  .text C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe[4152] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d0c4dd 5 bytes JMP 00000001000301f8
                  .text C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe[4152] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077d11287 5 bytes JMP 00000001000303fc
                  .text C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe[4152] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000771ca2ba 1 byte [62]
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077b13b10 5 bytes JMP 00000001002a075c
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077b17ac0 5 bytes JMP 00000001002a03a4
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000077ca0460
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000077ca0450
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077b41430 5 bytes JMP 00000001002a0b14
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077b41490 5 bytes JMP 00000001002a0ecc
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000077ca0370
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000077ca0470
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 00000001002a163c
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000077ca0320
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 0000000077ca03b0
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000077ca0390
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 0000000077ca02e0
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 0000000077ca02d0
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000077ca0310
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 0000000077ca03c0
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077b417b0 5 bytes JMP 00000001002a1284
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 0000000077ca03f0
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000077ca0230
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000077ca0480
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 0000000077ca03a0
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 0000000077ca02f0
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000077ca0350
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000077ca0290
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 0000000077ca02b0
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 0000000077ca03d0
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000077ca0330
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000077ca0410
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000077ca0240
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 0000000077ca01e0
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000077ca0250
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000077ca0490
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 0000000077ca04a0
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000077ca0300
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000077ca0360
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 0000000077ca02a0
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 0000000077ca02c0
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000077ca0380
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000077ca0340
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000077ca0440
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000077ca0260
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000077ca0270
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 00000001002a19f4
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 0000000077ca01f0
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000077ca0210
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000077ca0200
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000077ca0420
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000077ca0430
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000077ca0220
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000077ca0280
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000077a2eecd 1 byte [62]
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde06e00 5 bytes JMP 000007ff7de21dac
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde06f2c 5 bytes JMP 000007ff7de20ecc
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde07220 5 bytes JMP 000007ff7de21284
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde0739c 5 bytes JMP 000007ff7de2163c
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde07538 5 bytes JMP 000007ff7de219f4
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde075e8 5 bytes JMP 000007ff7de203a4
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde0790c 5 bytes JMP 000007ff7de2075c
                  .text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4488] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde07ab4 5 bytes JMP 000007ff7de20b14

                  • #10
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077b13b10 5 bytes JMP 00000001002b075c
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077b17ac0 5 bytes JMP 00000001002b03a4
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000077ca0460
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000077ca0450
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077b41430 5 bytes JMP 00000001002b0b14
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077b41490 5 bytes JMP 00000001002b0ecc
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000077ca0370
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000077ca0470
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 00000001002b163c
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000077ca0320
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 0000000077ca03b0
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000077ca0390
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 0000000077ca02e0
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 0000000077ca02d0
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000077ca0310
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 0000000077ca03c0
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077b417b0 5 bytes JMP 00000001002b1284
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 0000000077ca03f0
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000077ca0230
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000077ca0480
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 0000000077ca03a0
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 0000000077ca02f0
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000077ca0350
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000077ca0290
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 0000000077ca02b0
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 0000000077ca03d0
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000077ca0330
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000077ca0410
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000077ca0240
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 0000000077ca01e0
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000077ca0250
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000077ca0490
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 0000000077ca04a0
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000077ca0300
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000077ca0360
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 0000000077ca02a0
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 0000000077ca02c0
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000077ca0380
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000077ca0340
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000077ca0440
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000077ca0260
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000077ca0270
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 00000001002b19f4
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 0000000077ca01f0
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000077ca0210
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000077ca0200
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000077ca0420
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000077ca0430
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000077ca0220
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000077ca0280
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000077a2eecd 1 byte [62]
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde06e00 5 bytes JMP 000007ff7de21dac
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde06f2c 5 bytes JMP 000007ff7de20ecc
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde07220 5 bytes JMP 000007ff7de21284
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde0739c 5 bytes JMP 000007ff7de2163c
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde07538 5 bytes JMP 000007ff7de219f4
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde075e8 5 bytes JMP 000007ff7de203a4
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde0790c 5 bytes JMP 000007ff7de2075c
                    .text C:\Windows\system32\SearchIndexer.exe[4908] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde07ab4 5 bytes JMP 000007ff7de20b14
                    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4304] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077cefac0 5 bytes JMP 0000000100030600
                    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4304] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077cefb58 5 bytes JMP 0000000100030804
                    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4304] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077cefcb0 5 bytes JMP 0000000100030c0c
                    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4304] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077cf0038 5 bytes JMP 0000000100030a08
                    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4304] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077cf1920 5 bytes JMP 0000000100030e10
                    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4304] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d0c4dd 5 bytes JMP 00000001000301f8
                    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4304] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077d11287 5 bytes JMP 00000001000303fc
                    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4304] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000771ca2ba 1 byte [62]
                    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4304] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007700ee09 5 bytes JMP 00000001002401f8
                    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4304] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000077013982 5 bytes JMP 00000001002403fc
                    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4304] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077017603 5 bytes JMP 0000000100240804
                    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4304] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007701835c 5 bytes JMP 0000000100240600
                    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4304] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007702f52b 5 bytes JMP 0000000100240a08
                    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4304] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077175181 5 bytes JMP 0000000100251014
                    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4304] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077175254 5 bytes JMP 0000000100250804
                    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4304] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000771753d5 5 bytes JMP 0000000100250a08
                    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4304] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000771754c2 5 bytes JMP 0000000100250c0c
                    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4304] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000771755e2 5 bytes JMP 0000000100250e10
                    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4304] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007717567c 5 bytes JMP 00000001002501f8
                    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4304] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007717589f 5 bytes JMP 00000001002503fc
                    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[4304] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077175a22 5 bytes JMP 0000000100250600
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077b13b10 5 bytes JMP 00000001004f075c
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077b17ac0 5 bytes JMP 00000001004f03a4
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000077ca0460
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000077ca0450
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077b41430 5 bytes JMP 00000001004f0b14
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077b41490 5 bytes JMP 00000001004f0ecc
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000077ca0370
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000077ca0470
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 00000001004f163c
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000077ca0320
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 0000000077ca03b0
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000077ca0390
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 0000000077ca02e0
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 0000000077ca02d0
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000077ca0310
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 0000000077ca03c0
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077b417b0 5 bytes JMP 00000001004f1284
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 0000000077ca03f0
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000077ca0230
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000077ca0480
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 0000000077ca03a0
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 0000000077ca02f0
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000077ca0350
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000077ca0290
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 0000000077ca02b0
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 0000000077ca03d0
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000077ca0330
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000077ca0410
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000077ca0240
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 0000000077ca01e0
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000077ca0250
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000077ca0490
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 0000000077ca04a0
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000077ca0300
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000077ca0360
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 0000000077ca02a0
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 0000000077ca02c0
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000077ca0380
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000077ca0340
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000077ca0440
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000077ca0260
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000077ca0270
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 00000001004f19f4
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 0000000077ca01f0
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000077ca0210
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000077ca0200
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000077ca0420
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000077ca0430
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000077ca0220
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000077ca0280
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000077a2eecd 1 byte [62]
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde06e00 5 bytes JMP 000007ff7de21dac
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde06f2c 5 bytes JMP 000007ff7de20ecc
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde07220 5 bytes JMP 000007ff7de21284
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde0739c 5 bytes JMP 000007ff7de2163c
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde07538 5 bytes JMP 000007ff7de219f4
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde075e8 5 bytes JMP 000007ff7de203a4
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde0790c 5 bytes JMP 000007ff7de2075c
                    .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3848] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde07ab4 5 bytes JMP 000007ff7de20b14
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077b13b10 4 bytes JMP 000000007fff075c
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077b17ac0 5 bytes JMP 000000007fff03a4
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000077ca0460
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000077ca0450
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077b41430 5 bytes JMP 000000007fff0b14
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077b41490 5 bytes JMP 000000007fff0ecc
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000077ca0370
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000077ca0470
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 000000007fff163c
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000077ca0320
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 0000000077ca03b0
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000077ca0390
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 0000000077ca02e0
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 0000000077ca02d0
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000077ca0310
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 0000000077ca03c0
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077b417b0 5 bytes JMP 000000007fff1284
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 0000000077ca03f0
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000077ca0230
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000077ca0480
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 0000000077ca03a0
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 0000000077ca02f0
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000077ca0350
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000077ca0290
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 0000000077ca02b0
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 0000000077ca03d0
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000077ca0330
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000077ca0410
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000077ca0240
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 0000000077ca01e0
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000077ca0250
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000077ca0490
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 0000000077ca04a0
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000077ca0300
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000077ca0360
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 0000000077ca02a0
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 0000000077ca02c0
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000077ca0380
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000077ca0340
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000077ca0440
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000077ca0260
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000077ca0270
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 000000007fff19f4
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 0000000077ca01f0
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000077ca0210
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000077ca0200
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000077ca0420
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000077ca0430
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000077ca0220
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000077ca0280
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000077a2eecd 1 byte [62]
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde06e00 5 bytes JMP 000007ff7de21dac
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde06f2c 5 bytes JMP 000007ff7de20ecc
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde07220 5 bytes JMP 000007ff7de21284
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde0739c 5 bytes JMP 000007ff7de2163c
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde07538 5 bytes JMP 000007ff7de219f4
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde075e8 5 bytes JMP 000007ff7de203a4
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde0790c 5 bytes JMP 000007ff7de2075c
                    .text C:\Windows\System32\hkcmd.exe[2824] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde07ab4 5 bytes JMP 000007ff7de20b14



                    • #11
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077b13b10 5 bytes JMP 000000010020075c
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077b17ac0 5 bytes JMP 00000001002003a4
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000077ca0460
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000077ca0450
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077b41430 5 bytes JMP 0000000100200b14
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077b41490 5 bytes JMP 0000000100200ecc
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000077ca0370
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000077ca0470
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 000000010020163c
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000077ca0320
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 0000000077ca03b0
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000077ca0390
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 0000000077ca02e0
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 0000000077ca02d0
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000077ca0310
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 0000000077ca03c0
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077b417b0 5 bytes JMP 0000000100201284
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 0000000077ca03f0
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000077ca0230
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000077ca0480
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 0000000077ca03a0
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 0000000077ca02f0
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000077ca0350
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000077ca0290
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 0000000077ca02b0
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 0000000077ca03d0
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000077ca0330
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000077ca0410
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000077ca0240
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 0000000077ca01e0
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000077ca0250
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000077ca0490
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 0000000077ca04a0
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000077ca0300
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000077ca0360
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 0000000077ca02a0
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 0000000077ca02c0
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000077ca0380
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000077ca0340
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000077ca0440
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000077ca0260
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000077ca0270
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 00000001002019f4
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 0000000077ca01f0
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000077ca0210
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000077ca0200
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000077ca0420
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000077ca0430
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000077ca0220
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000077ca0280
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000077a2eecd 1 byte [62]
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde06e00 5 bytes JMP 000007ff7de21dac
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde06f2c 5 bytes JMP 000007ff7de20ecc
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde07220 5 bytes JMP 000007ff7de21284
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde0739c 5 bytes JMP 000007ff7de2163c
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde07538 5 bytes JMP 000007ff7de219f4
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde075e8 5 bytes JMP 000007ff7de203a4
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde0790c 5 bytes JMP 000007ff7de2075c
                      .text C:\Windows\System32\igfxpers.exe[1860] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde07ab4 5 bytes JMP 000007ff7de20b14
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077b13b10 5 bytes JMP 000000010024075c
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077b17ac0 5 bytes JMP 00000001002403a4
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000077ca0460
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000077ca0450
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077b41430 5 bytes JMP 0000000100240b14
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077b41490 5 bytes JMP 0000000100240ecc
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000077ca0370
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000077ca0470
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 000000010024163c
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000077ca0320
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 0000000077ca03b0
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000077ca0390
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 0000000077ca02e0
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 0000000077ca02d0
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000077ca0310
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 0000000077ca03c0
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077b417b0 5 bytes JMP 0000000100241284
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 0000000077ca03f0
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000077ca0230
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000077ca0480
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 0000000077ca03a0
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 0000000077ca02f0
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000077ca0350
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000077ca0290
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 0000000077ca02b0
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 0000000077ca03d0
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000077ca0330
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000077ca0410
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000077ca0240
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 0000000077ca01e0
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000077ca0250
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000077ca0490
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 0000000077ca04a0
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000077ca0300
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000077ca0360
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 0000000077ca02a0
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 0000000077ca02c0
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000077ca0380
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000077ca0340
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000077ca0440
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000077ca0260
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000077ca0270
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 00000001002419f4
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 0000000077ca01f0
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000077ca0210
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000077ca0200
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000077ca0420
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000077ca0430
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000077ca0220
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000077ca0280
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000077a2eecd 1 byte [62]
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde06e00 5 bytes JMP 000007ff7de21dac
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde06f2c 5 bytes JMP 000007ff7de20ecc
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde07220 5 bytes JMP 000007ff7de21284
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde0739c 5 bytes JMP 000007ff7de2163c
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde07538 5 bytes JMP 000007ff7de219f4
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde075e8 5 bytes JMP 000007ff7de203a4
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde0790c 5 bytes JMP 000007ff7de2075c
                      .text C:\Windows\system32\igfxsrvc.exe[1276] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde07ab4 5 bytes JMP 000007ff7de20b14
                      .text C:\Program Files (x86)\Google\Google Talk\googletalk.exe[4744] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077cefac0 5 bytes JMP 0000000100030600
                      .text C:\Program Files (x86)\Google\Google Talk\googletalk.exe[4744] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077cefb58 5 bytes JMP 0000000100030804
                      .text C:\Program Files (x86)\Google\Google Talk\googletalk.exe[4744] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077cefcb0 5 bytes JMP 0000000100030c0c
                      .text C:\Program Files (x86)\Google\Google Talk\googletalk.exe[4744] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077cf0038 5 bytes JMP 0000000100030a08
                      .text C:\Program Files (x86)\Google\Google Talk\googletalk.exe[4744] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077cf1920 5 bytes JMP 0000000100030e10
                      .text C:\Program Files (x86)\Google\Google Talk\googletalk.exe[4744] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d0c4dd 5 bytes JMP 00000001000301f8
                      .text C:\Program Files (x86)\Google\Google Talk\googletalk.exe[4744] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077d11287 5 bytes JMP 00000001000303fc
                      .text C:\Program Files (x86)\Google\Google Talk\googletalk.exe[4744] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000771ca2ba 1 byte [62]
                      .text C:\Program Files (x86)\Google\Google Talk\googletalk.exe[4744] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007700ee09 5 bytes JMP 00000001002401f8
                      .text C:\Program Files (x86)\Google\Google Talk\googletalk.exe[4744] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000077013982 5 bytes JMP 00000001002403fc
                      .text C:\Program Files (x86)\Google\Google Talk\googletalk.exe[4744] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077017603 5 bytes JMP 0000000100240804
                      .text C:\Program Files (x86)\Google\Google Talk\googletalk.exe[4744] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007701835c 5 bytes JMP 0000000100240600
                      .text C:\Program Files (x86)\Google\Google Talk\googletalk.exe[4744] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007702f52b 5 bytes JMP 0000000100240a08
                      .text C:\Program Files (x86)\Google\Google Talk\googletalk.exe[4744] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077175181 5 bytes JMP 0000000100251014
                      .text C:\Program Files (x86)\Google\Google Talk\googletalk.exe[4744] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077175254 5 bytes JMP 0000000100250804
                      .text C:\Program Files (x86)\Google\Google Talk\googletalk.exe[4744] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000771753d5 5 bytes JMP 0000000100250a08
                      .text C:\Program Files (x86)\Google\Google Talk\googletalk.exe[4744] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000771754c2 5 bytes JMP 0000000100250c0c
                      .text C:\Program Files (x86)\Google\Google Talk\googletalk.exe[4744] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000771755e2 5 bytes JMP 0000000100250e10
                      .text C:\Program Files (x86)\Google\Google Talk\googletalk.exe[4744] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007717567c 5 bytes JMP 00000001002501f8
                      .text C:\Program Files (x86)\Google\Google Talk\googletalk.exe[4744] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007717589f 5 bytes JMP 00000001002503fc
                      .text C:\Program Files (x86)\Google\Google Talk\googletalk.exe[4744] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077175a22 5 bytes JMP 0000000100250600
                      .text C:\Program Files (x86)\Google\Google Talk\googletalk.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e01465 2 bytes [E0, 76]
                      .text C:\Program Files (x86)\Google\Google Talk\googletalk.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e014bb 2 bytes [E0, 76]
                      .text ... * 2
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2380] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077cefac0 5 bytes JMP 0000000100030600
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2380] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077cefb58 5 bytes JMP 0000000100030804
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2380] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077cefcb0 5 bytes JMP 0000000100030c0c
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2380] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077cf0038 5 bytes JMP 0000000100030a08
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2380] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077cf1920 5 bytes JMP 0000000100030e10
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2380] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d0c4dd 5 bytes JMP 00000001000301f8
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2380] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077d11287 5 bytes JMP 00000001000303fc
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2380] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000771ca2ba 1 byte [62]
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2380] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007700ee09 5 bytes JMP 00000001003c01f8
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2380] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000077013982 5 bytes JMP 00000001003c03fc
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2380] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077017603 5 bytes JMP 00000001003c0804
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2380] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007701835c 5 bytes JMP 00000001003c0600
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2380] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007702f52b 5 bytes JMP 00000001003c0a08
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2380] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077175181 5 bytes JMP 00000001003d1014
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2380] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077175254 5 bytes JMP 00000001003d0804
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2380] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000771753d5 5 bytes JMP 00000001003d0a08
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2380] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000771754c2 5 bytes JMP 00000001003d0c0c
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2380] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000771755e2 5 bytes JMP 00000001003d0e10
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2380] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007717567c 5 bytes JMP 00000001003d01f8
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2380] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007717589f 5 bytes JMP 00000001003d03fc
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2380] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077175a22 5 bytes JMP 00000001003d0600
                      .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe[3860] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077cefac0 5 bytes JMP 0000000100030600
                      .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe[3860] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077cefb58 5 bytes JMP 0000000100030804
                      .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe[3860] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077cefcb0 5 bytes JMP 0000000100030c0c
                      .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe[3860] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077cf0038 5 bytes JMP 0000000100030a08
                      .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe[3860] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077cf1920 5 bytes JMP 0000000100030e10
                      .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe[3860] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d0c4dd 5 bytes JMP 00000001000301f8
                      .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe[3860] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077d11287 5 bytes JMP 00000001000303fc
                      .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe[3860] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000771ca2ba 1 byte [62]
                      .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe[3860] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007700ee09 5 bytes JMP 00000001002401f8
                      .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe[3860] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000077013982 5 bytes JMP 00000001002403fc
                      .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe[3860] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077017603 5 bytes JMP 0000000100240804
                      .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe[3860] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007701835c 5 bytes JMP 0000000100240600
                      .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe[3860] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007702f52b 5 bytes JMP 0000000100240a08
                      .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe[3860] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077175181 5 bytes JMP 0000000100251014
                      .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe[3860] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077175254 5 bytes JMP 0000000100250804
                      .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe[3860] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000771753d5 5 bytes JMP 0000000100250a08
                      .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe[3860] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000771754c2 5 bytes JMP 0000000100250c0c
                      .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe[3860] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000771755e2 5 bytes JMP 0000000100250e10
                      .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe[3860] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007717567c 5 bytes JMP 00000001002501f8
                      .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe[3860] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007717589f 5 bytes JMP 00000001002503fc
                      .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe[3860] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077175a22 5 bytes JMP 0000000100250600
                      .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e01465 2 bytes [E0, 76]
                      .text C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e014bb 2 bytes [E0, 76]
                      .text ... * 2
                      .text C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[2224] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077cefac0 5 bytes JMP 0000000100240600
                      .text C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[2224] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077cefb58 5 bytes JMP 0000000100240804
                      .text C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[2224] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077cefcb0 5 bytes JMP 0000000100240c0c
                      .text C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[2224] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077cf0038 5 bytes JMP 0000000100240a08
                      .text C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[2224] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077cf1920 5 bytes JMP 0000000100240e10
                      .text C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[2224] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d0c4dd 5 bytes JMP 00000001002401f8
                      .text C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[2224] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077d11287 5 bytes JMP 00000001002403fc
                      .text C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[2224] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000771ca2ba 1 byte [62]
                      .text C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[2224] C:\Windows\syswow64\user32.dll!SetWinEventHook 000000007700ee09 5 bytes JMP 00000001002501f8
                      .text C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[2224] C:\Windows\syswow64\user32.dll!UnhookWinEvent 0000000077013982 5 bytes JMP 00000001002503fc
                      .text C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[2224] C:\Windows\syswow64\user32.dll!SetWindowsHookExW 0000000077017603 5 bytes JMP 0000000100250804
                      .text C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[2224] C:\Windows\syswow64\user32.dll!SetWindowsHookExA 000000007701835c 5 bytes JMP 0000000100250600
                      .text C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[2224] C:\Windows\syswow64\user32.dll!UnhookWindowsHookEx 000000007702f52b 5 bytes JMP 0000000100250a08
                      .text C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[2224] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077175181 5 bytes JMP 0000000100021014
                      .text C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[2224] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077175254 5 bytes JMP 0000000100020804
                      .text C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[2224] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000771753d5 5 bytes JMP 0000000100020a08
                      .text C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[2224] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000771754c2 5 bytes JMP 0000000100020c0c
                      .text C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[2224] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000771755e2 5 bytes JMP 0000000100020e10
                      .text C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[2224] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007717567c 5 bytes JMP 00000001000201f8
                      .text C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[2224] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007717589f 5 bytes JMP 00000001000203fc
                      .text C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[2224] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077175a22 5 bytes JMP 0000000100020600
                      .text C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e01465 2 bytes [E0, 76]
                      .text C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e014bb 2 bytes [E0, 76]
                      .text ... * 2
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Dropbox\bin\Dropbox.exe[5224] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077cefac0 5 bytes JMP 0000000100030600
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Dropbox\bin\Dropbox.exe[5224] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077cefb58 5 bytes JMP 0000000100030804
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Dropbox\bin\Dropbox.exe[5224] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077cefcb0 5 bytes JMP 0000000100030c0c
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Dropbox\bin\Dropbox.exe[5224] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077cf0038 5 bytes JMP 0000000100030a08
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Dropbox\bin\Dropbox.exe[5224] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077cf1920 5 bytes JMP 0000000100030e10
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Dropbox\bin\Dropbox.exe[5224] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d0c4dd 5 bytes JMP 00000001000301f8
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Dropbox\bin\Dropbox.exe[5224] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077d11287 5 bytes JMP 00000001000303fc
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Dropbox\bin\Dropbox.exe[5224] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000771ca2ba 1 byte [62]
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Dropbox\bin\Dropbox.exe[5224] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007700ee09 5 bytes JMP 00000001002401f8
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Dropbox\bin\Dropbox.exe[5224] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000077013982 5 bytes JMP 00000001002403fc
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Dropbox\bin\Dropbox.exe[5224] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077017603 5 bytes JMP 0000000100240804
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Dropbox\bin\Dropbox.exe[5224] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007701835c 5 bytes JMP 0000000100240600
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Dropbox\bin\Dropbox.exe[5224] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007702f52b 5 bytes JMP 0000000100240a08
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Dropbox\bin\Dropbox.exe[5224] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077175181 5 bytes JMP 0000000100251014
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Dropbox\bin\Dropbox.exe[5224] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077175254 5 bytes JMP 0000000100250804
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Dropbox\bin\Dropbox.exe[5224] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000771753d5 5 bytes JMP 0000000100250a08
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Dropbox\bin\Dropbox.exe[5224] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000771754c2 5 bytes JMP 0000000100250c0c
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Dropbox\bin\Dropbox.exe[5224] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000771755e2 5 bytes JMP 0000000100250e10
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Dropbox\bin\Dropbox.exe[5224] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007717567c 5 bytes JMP 00000001002501f8
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Dropbox\bin\Dropbox.exe[5224] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007717589f 5 bytes JMP 00000001002503fc
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Dropbox\bin\Dropbox.exe[5224] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077175a22 5 bytes JMP 0000000100250600
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Dropbox\bin\Dropbox.exe[5224] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076e01465 2 bytes [E0, 76]
                      .text C:\Users\Günter Temmerman\AppData\Roaming\Dropbox\bin\Dropbox.exe[5224] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000076e014bb 2 bytes [E0, 76]
                      .text ... * 2



                      • #12
                        .text C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe[5524] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077cefac0 5 bytes JMP 0000000100030600
                        .text C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe[5524] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077cefb58 5 bytes JMP 0000000100030804
                        .text C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe[5524] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077cefcb0 5 bytes JMP 0000000100030c0c
                        .text C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe[5524] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077cf0038 5 bytes JMP 0000000100030a08
                        .text C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe[5524] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077cf1920 5 bytes JMP 0000000100030e10
                        .text C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe[5524] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d0c4dd 5 bytes JMP 00000001000301f8
                        .text C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe[5524] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077d11287 5 bytes JMP 00000001000303fc
                        .text C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe[5524] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000771ca2ba 1 byte [62]
                        .text C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe[5524] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007700ee09 5 bytes JMP 00000001002401f8
                        .text C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe[5524] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000077013982 5 bytes JMP 00000001002403fc
                        .text C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe[5524] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077017603 5 bytes JMP 0000000100240804
                        .text C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe[5524] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007701835c 5 bytes JMP 0000000100240600
                        .text C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe[5524] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007702f52b 5 bytes JMP 0000000100240a08
                        .text C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe[5524] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077175181 5 bytes JMP 0000000100251014
                        .text C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe[5524] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077175254 5 bytes JMP 0000000100250804
                        .text C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe[5524] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000771753d5 5 bytes JMP 0000000100250a08
                        .text C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe[5524] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000771754c2 5 bytes JMP 0000000100250c0c
                        .text C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe[5524] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000771755e2 5 bytes JMP 0000000100250e10
                        .text C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe[5524] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007717567c 5 bytes JMP 00000001002501f8
                        .text C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe[5524] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007717589f 5 bytes JMP 00000001002503fc
                        .text C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe[5524] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077175a22 5 bytes JMP 0000000100250600
                        .text C:\Program Files (x86)\Winamp\winampa.exe[5576] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077cefac0 5 bytes JMP 0000000100030600
                        .text C:\Program Files (x86)\Winamp\winampa.exe[5576] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077cefb58 5 bytes JMP 0000000100030804
                        .text C:\Program Files (x86)\Winamp\winampa.exe[5576] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077cefcb0 5 bytes JMP 0000000100030c0c
                        .text C:\Program Files (x86)\Winamp\winampa.exe[5576] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077cf0038 5 bytes JMP 0000000100030a08
                        .text C:\Program Files (x86)\Winamp\winampa.exe[5576] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077cf1920 5 bytes JMP 0000000100030e10
                        .text C:\Program Files (x86)\Winamp\winampa.exe[5576] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d0c4dd 5 bytes JMP 00000001000301f8
                        .text C:\Program Files (x86)\Winamp\winampa.exe[5576] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077d11287 5 bytes JMP 00000001000303fc
                        .text C:\Program Files (x86)\Winamp\winampa.exe[5576] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000771ca2ba 1 byte [62]
                        .text C:\Program Files (x86)\Winamp\winampa.exe[5576] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007700ee09 5 bytes JMP 00000001002801f8
                        .text C:\Program Files (x86)\Winamp\winampa.exe[5576] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000077013982 5 bytes JMP 00000001002803fc
                        .text C:\Program Files (x86)\Winamp\winampa.exe[5576] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077017603 5 bytes JMP 0000000100280804
                        .text C:\Program Files (x86)\Winamp\winampa.exe[5576] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007701835c 5 bytes JMP 0000000100280600
                        .text C:\Program Files (x86)\Winamp\winampa.exe[5576] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007702f52b 5 bytes JMP 0000000100280a08
                        .text C:\Program Files (x86)\Winamp\winampa.exe[5576] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077175181 5 bytes JMP 0000000100291014
                        .text C:\Program Files (x86)\Winamp\winampa.exe[5576] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077175254 5 bytes JMP 0000000100290804
                        .text C:\Program Files (x86)\Winamp\winampa.exe[5576] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000771753d5 5 bytes JMP 0000000100290a08
                        .text C:\Program Files (x86)\Winamp\winampa.exe[5576] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000771754c2 5 bytes JMP 0000000100290c0c
                        .text C:\Program Files (x86)\Winamp\winampa.exe[5576] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000771755e2 5 bytes JMP 0000000100290e10
                        .text C:\Program Files (x86)\Winamp\winampa.exe[5576] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007717567c 5 bytes JMP 00000001002901f8
                        .text C:\Program Files (x86)\Winamp\winampa.exe[5576] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007717589f 5 bytes JMP 00000001002903fc
                        .text C:\Program Files (x86)\Winamp\winampa.exe[5576] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077175a22 5 bytes JMP 0000000100290600
                        .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5616] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000771ca2ba 1 byte [62]
                        .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077cefac0 5 bytes JMP 0000000100030600
                        .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077cefb58 5 bytes JMP 0000000100030804
                        .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077cefcb0 5 bytes JMP 0000000100030c0c
                        .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077cf0038 5 bytes JMP 0000000100030a08
                        .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077cf1920 5 bytes JMP 0000000100030e10
                        .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5668] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d0c4dd 5 bytes JMP 00000001000301f8
                        .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5668] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077d11287 5 bytes JMP 00000001000303fc
                        .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5668] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000771ca2ba 1 byte [62]
                        .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5668] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077175181 5 bytes JMP 0000000100251014
                        .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5668] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077175254 5 bytes JMP 0000000100250804
                        .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5668] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000771753d5 5 bytes JMP 0000000100250a08
                        .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5668] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000771754c2 5 bytes JMP 0000000100250c0c
                        .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5668] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000771755e2 5 bytes JMP 0000000100250e10
                        .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5668] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007717567c 5 bytes JMP 00000001002501f8
                        .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5668] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007717589f 5 bytes JMP 00000001002503fc
                        .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5668] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077175a22 5 bytes JMP 0000000100250600
                        .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5668] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007700ee09 5 bytes JMP 00000001002601f8
                        .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5668] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000077013982 5 bytes JMP 00000001002603fc
                        .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5668] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077017603 5 bytes JMP 0000000100260804
                        .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5668] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007701835c 5 bytes JMP 0000000100260600
                        .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5668] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007702f52b 5 bytes JMP 0000000100260a08
                        .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5684] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077cefac0 5 bytes JMP 0000000100030600
                        .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5684] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077cefb58 5 bytes JMP 0000000100030804
                        .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5684] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077cefcb0 5 bytes JMP 0000000100030c0c
                        .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5684] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077cf0038 5 bytes JMP 0000000100030a08
                        .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5684] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077cf1920 5 bytes JMP 0000000100030e10
                        .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5684] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d0c4dd 5 bytes JMP 00000001000301f8
                        .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5684] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077d11287 5 bytes JMP 00000001000303fc
                        .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5684] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000771ca2ba 1 byte [62]
                        .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5684] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077175181 5 bytes JMP 0000000100101014
                        .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5684] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077175254 5 bytes JMP 0000000100100804
                        .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5684] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000771753d5 5 bytes JMP 0000000100100a08
                        .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5684] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000771754c2 5 bytes JMP 0000000100100c0c
                        .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5684] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000771755e2 5 bytes JMP 0000000100100e10
                        .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5684] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007717567c 5 bytes JMP 00000001001001f8
                        .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5684] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007717589f 5 bytes JMP 00000001001003fc
                        .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5684] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077175a22 5 bytes JMP 0000000100100600
                        .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5684] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007700ee09 5 bytes JMP 00000001001101f8
                        .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5684] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000077013982 5 bytes JMP 00000001001103fc
                        .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5684] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077017603 5 bytes JMP 0000000100110804
                        .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5684] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007701835c 5 bytes JMP 0000000100110600
                        .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5684] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007702f52b 5 bytes JMP 0000000100110a08
                        .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e01465 2 bytes [E0, 76]
                        .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e014bb 2 bytes [E0, 76]
                        .text ... * 2
                        .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5696] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077cefac0 5 bytes JMP 0000000100030600
                        .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5696] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077cefb58 5 bytes JMP 0000000100030804
                        .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5696] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077cefcb0 5 bytes JMP 0000000100030c0c
                        .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5696] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077cf0038 5 bytes JMP 0000000100030a08
                        .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5696] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077cf1920 5 bytes JMP 0000000100030e10
                        .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5696] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d0c4dd 5 bytes JMP 00000001000301f8
                        .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5696] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077d11287 5 bytes JMP 00000001000303fc
                        .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5696] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000771ca2ba 1 byte [62]
                        .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5696] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007700ee09 5 bytes JMP 00000001001001f8
                        .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5696] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000077013982 5 bytes JMP 00000001001003fc
                        .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5696] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077017603 5 bytes JMP 0000000100100804
                        .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5696] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007701835c 5 bytes JMP 0000000100100600
                        .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5696] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007702f52b 5 bytes JMP 0000000100100a08
                        .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5696] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077175181 5 bytes JMP 0000000100111014
                        .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5696] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077175254 5 bytes JMP 0000000100110804
                        .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5696] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000771753d5 5 bytes JMP 0000000100110a08
                        .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5696] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000771754c2 5 bytes JMP 0000000100110c0c
                        .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5696] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000771755e2 5 bytes JMP 0000000100110e10
                        .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5696] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007717567c 5 bytes JMP 00000001001101f8
                        .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5696] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007717589f 5 bytes JMP 00000001001103fc
                        .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5696] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077175a22 5 bytes JMP 0000000100110600
                        .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e01465 2 bytes [E0, 76]
                        .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[5696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e014bb 2 bytes [E0, 76]
                        .text ... * 2
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077b13b10 5 bytes JMP 000000010031075c
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077b17ac0 5 bytes JMP 00000001003103a4
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000100070460
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000100070450
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077b41430 5 bytes JMP 0000000100310b14
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077b41490 5 bytes JMP 0000000100310ecc
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000100070370
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000100070470
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 000000010031163c
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000100070320
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 00000001000703b0
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000100070390
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 00000001000702e0
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 00000001000702d0
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000100070310
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 00000001000703c0
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077b417b0 5 bytes JMP 0000000100311284
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 00000001000703f0
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000100070230
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000100070480
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 00000001000703a0
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 00000001000702f0
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000100070350
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000100070290
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 00000001000702b0
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 00000001000703d0
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000100070330
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000100070410
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000100070240
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 00000001000701e0
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000100070250
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000100070490
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 00000001000704a0
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000100070300
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000100070360
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 00000001000702a0
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 00000001000702c0
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000100070380
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000100070340
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000100070440
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000100070260
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000100070270
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 00000001003119f4
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 00000001000701f0
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000100070210
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000100070200
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000100070420
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000100070430
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000100070220
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000100070280
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000077a2eecd 1 byte [62]
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde06e00 5 bytes JMP 000007ff7de21dac
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde06f2c 5 bytes JMP 000007ff7de20ecc
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde07220 5 bytes JMP 000007ff7de21284
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde0739c 5 bytes JMP 000007ff7de2163c
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde07538 5 bytes JMP 000007ff7de219f4
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde075e8 5 bytes JMP 000007ff7de203a4
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde0790c 5 bytes JMP 000007ff7de2075c
                        .text C:\Program Files\iPod\bin\iPodService.exe[5356] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde07ab4 5 bytes JMP 000007ff7de20b14
                        .text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe[5248] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077cefac0 5 bytes JMP 0000000100030600
                        .text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe[5248] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077cefb58 5 bytes JMP 0000000100030804
                        .text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe[5248] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077cefcb0 5 bytes JMP 0000000100030c0c
                        .text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe[5248] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077cf0038 5 bytes JMP 0000000100030a08
                        .text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe[5248] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077cf1920 5 bytes JMP 0000000100030e10
                        .text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe[5248] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d0c4dd 5 bytes JMP 00000001000301f8
                        .text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe[5248] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077d11287 5 bytes JMP 00000001000303fc
                        .text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe[5248] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000771ca2ba 1 byte [62]
                        .text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe[5248] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007700ee09 5 bytes JMP 00000001002401f8
                        .text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe[5248] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000077013982 5 bytes JMP 00000001002403fc
                        .text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe[5248] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077017603 5 bytes JMP 0000000100240804
                        .text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe[5248] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007701835c 5 bytes JMP 0000000100240600
                        .text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe[5248] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007702f52b 5 bytes JMP 0000000100240a08
                        .text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe[5248] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077175181 5 bytes JMP 0000000100251014
                        .text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe[5248] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077175254 5 bytes JMP 0000000100250804
                        .text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe[5248] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000771753d5 5 bytes JMP 0000000100250a08
                        .text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe[5248] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000771754c2 5 bytes JMP 0000000100250c0c
                        .text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe[5248] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000771755e2 5 bytes JMP 0000000100250e10
                        .text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe[5248] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007717567c 5 bytes JMP 00000001002501f8
                        .text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe[5248] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007717589f 5 bytes JMP 00000001002503fc
                        .text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe[5248] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077175a22 5 bytes JMP 0000000100250600
                        .text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe[5248] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000076e01465 2 bytes [E0, 76]
                        .text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe[5248] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 0000000076e014bb 2 bytes [E0, 76]
                        .text ... * 2

                        • #13
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077b13b10 5 bytes JMP 00000001001b075c
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077b17ac0 5 bytes JMP 00000001001b03a4
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000077ca0460
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000077ca0450
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077b41430 5 bytes JMP 00000001001b0b14
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077b41490 5 bytes JMP 00000001001b0ecc
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000077ca0370
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000077ca0470
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 00000001001b163c
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000077ca0320
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 0000000077ca03b0
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000077ca0390
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 0000000077ca02e0
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 0000000077ca02d0
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000077ca0310
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 0000000077ca03c0
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077b417b0 5 bytes JMP 00000001001b1284
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 0000000077ca03f0
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000077ca0230
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000077ca0480
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 0000000077ca03a0
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 0000000077ca02f0
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000077ca0350
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000077ca0290
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 0000000077ca02b0
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 0000000077ca03d0
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000077ca0330
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000077ca0410
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000077ca0240
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 0000000077ca01e0
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000077ca0250
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000077ca0490
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 0000000077ca04a0
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000077ca0300
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000077ca0360
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 0000000077ca02a0
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 0000000077ca02c0
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000077ca0380
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000077ca0340
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000077ca0440
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000077ca0260
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000077ca0270
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 00000001001b19f4
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 0000000077ca01f0
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000077ca0210
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000077ca0200
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000077ca0420
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000077ca0430
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000077ca0220
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000077ca0280
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000077a2eecd 1 byte [62]
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde06e00 5 bytes JMP 000007ff7de21dac
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde06f2c 5 bytes JMP 000007ff7de20ecc
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde07220 5 bytes JMP 000007ff7de21284
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde0739c 5 bytes JMP 000007ff7de2163c
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde07538 5 bytes JMP 000007ff7de219f4
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde075e8 5 bytes JMP 000007ff7de203a4
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde0790c 5 bytes JMP 000007ff7de2075c
                          .text C:\Windows\system32\wuauclt.exe[5556] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde07ab4 5 bytes JMP 000007ff7de20b14
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077b13b10 5 bytes JMP 00000001002e075c
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077b17ac0 5 bytes JMP 00000001002e03a4
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000077ca0460
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000077ca0450
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077b41430 5 bytes JMP 00000001002e0b14
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077b41490 5 bytes JMP 00000001002e0ecc
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000077ca0370
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000077ca0470
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 00000001002e163c
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000077ca0320
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 0000000077ca03b0
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000077ca0390
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 0000000077ca02e0
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 0000000077ca02d0
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000077ca0310
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 0000000077ca03c0
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077b417b0 5 bytes JMP 00000001002e1284
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 0000000077ca03f0
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000077ca0230
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000077ca0480
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 0000000077ca03a0
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 0000000077ca02f0
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000077ca0350
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000077ca0290
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 0000000077ca02b0
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 0000000077ca03d0
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000077ca0330
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000077ca0410
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000077ca0240
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 0000000077ca01e0
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000077ca0250
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000077ca0490
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 0000000077ca04a0
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000077ca0300
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000077ca0360
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 0000000077ca02a0
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 0000000077ca02c0
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000077ca0380
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000077ca0340
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000077ca0440
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000077ca0260
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000077ca0270
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 00000001002e19f4
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 0000000077ca01f0
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000077ca0210
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000077ca0200
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000077ca0420
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000077ca0430
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000077ca0220
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000077ca0280
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000077a2eecd 1 byte [62]
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde06e00 5 bytes JMP 000007ff7de21dac
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde06f2c 5 bytes JMP 000007ff7de20ecc
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde07220 5 bytes JMP 000007ff7de21284
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde0739c 5 bytes JMP 000007ff7de2163c
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde07538 5 bytes JMP 000007ff7de219f4
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde075e8 5 bytes JMP 000007ff7de203a4
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde0790c 5 bytes JMP 000007ff7de2075c
                          .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[3956] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde07ab4 5 bytes JMP 000007ff7de20b14
                          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077cefac0 5 bytes JMP 0000000100030600
                          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077cefb58 5 bytes JMP 0000000100030804
                          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077cefcb0 5 bytes JMP 0000000100030c0c
                          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077cf0038 5 bytes JMP 0000000100030a08
                          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077cf1920 5 bytes JMP 0000000100030e10
                          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4844] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d0c4dd 5 bytes JMP 00000001000301f8
                          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4844] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077d11287 5 bytes JMP 00000001000303fc
                          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4844] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000771ca2ba 1 byte [62]
                          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4844] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077175181 5 bytes JMP 00000001000a1014
                          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4844] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077175254 5 bytes JMP 00000001000a0804
                          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4844] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000771753d5 5 bytes JMP 00000001000a0a08
                          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4844] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000771754c2 5 bytes JMP 00000001000a0c0c
                          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4844] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000771755e2 5 bytes JMP 00000001000a0e10
                          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4844] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007717567c 5 bytes JMP 00000001000a01f8
                          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4844] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007717589f 5 bytes JMP 00000001000a03fc
                          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4844] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077175a22 5 bytes JMP 00000001000a0600
                          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4844] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007700ee09 5 bytes JMP 00000001000b01f8
                          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4844] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000077013982 5 bytes JMP 00000001000b03fc
                          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4844] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077017603 5 bytes JMP 00000001000b0804
                          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4844] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007701835c 5 bytes JMP 00000001000b0600
                          .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4844] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007702f52b 5 bytes JMP 00000001000b0a08
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077b13b10 5 bytes JMP 000000010029075c
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077b17ac0 5 bytes JMP 00000001002903a4
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b41360 5 bytes JMP 0000000100070460
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b413b0 5 bytes JMP 0000000100070450
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077b41430 5 bytes JMP 0000000100290b14
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077b41490 5 bytes JMP 0000000100290ecc
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b41510 5 bytes JMP 0000000100070370
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b41560 5 bytes JMP 0000000100070470
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b41570 5 bytes JMP 000000010029163c
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b41620 5 bytes JMP 0000000100070320
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b41650 5 bytes JMP 00000001000703b0
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b41670 5 bytes JMP 0000000100070390
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b416b0 5 bytes JMP 00000001000702e0
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b41730 5 bytes JMP 00000001000702d0
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b41750 5 bytes JMP 0000000100070310
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b41790 5 bytes JMP 00000001000703c0
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077b417b0 5 bytes JMP 0000000100291284
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b417e0 5 bytes JMP 00000001000703f0
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b41940 5 bytes JMP 0000000100070230
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b41b00 5 bytes JMP 0000000100070480
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b41b30 5 bytes JMP 00000001000703a0
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b41c10 5 bytes JMP 00000001000702f0
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b41c20 5 bytes JMP 0000000100070350
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b41c80 5 bytes JMP 0000000100070290
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b41d10 5 bytes JMP 00000001000702b0
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b41d30 5 bytes JMP 00000001000703d0
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b41d40 5 bytes JMP 0000000100070330
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b41db0 5 bytes JMP 0000000100070410
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b41de0 5 bytes JMP 0000000100070240
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b420a0 5 bytes JMP 00000001000701e0
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b42160 5 bytes JMP 0000000100070250
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b42190 5 bytes JMP 0000000100070490
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b421a0 5 bytes JMP 00000001000704a0
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b421d0 5 bytes JMP 0000000100070300
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b421e0 5 bytes JMP 0000000100070360
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b42240 5 bytes JMP 00000001000702a0
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b42290 5 bytes JMP 00000001000702c0
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b422c0 5 bytes JMP 0000000100070380
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b422d0 5 bytes JMP 0000000100070340
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b425c0 5 bytes JMP 0000000100070440
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b427c0 5 bytes JMP 0000000100070260
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b427d0 5 bytes JMP 0000000100070270
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b427e0 5 bytes JMP 00000001002919f4
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b429a0 5 bytes JMP 00000001000701f0
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b429b0 5 bytes JMP 0000000100070210
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b42a20 5 bytes JMP 0000000100070200
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b42a80 5 bytes JMP 0000000100070420
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b42a90 5 bytes JMP 0000000100070430
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b42aa0 5 bytes JMP 0000000100070220
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b42b80 5 bytes JMP 0000000100070280
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde06e00 5 bytes JMP 000007ff7de21dac
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde06f2c 5 bytes JMP 000007ff7de20ecc
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde07220 5 bytes JMP 000007ff7de21284
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde0739c 5 bytes JMP 000007ff7de2163c
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde07538 5 bytes JMP 000007ff7de219f4
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde075e8 5 bytes JMP 000007ff7de203a4
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde0790c 5 bytes JMP 000007ff7de2075c
                          .text C:\Windows\System32\svchost.exe[1604] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde07ab4 5 bytes JMP 000007ff7de20b14
                          .text C:\Windows\system32\wbem\wmiprvse.exe[1468] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde06e00 5 bytes JMP 000007ff7de21dac
                          .text C:\Windows\system32\wbem\wmiprvse.exe[1468] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde06f2c 5 bytes JMP 000007ff7de20ecc
                          .text C:\Windows\system32\wbem\wmiprvse.exe[1468] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde07220 5 bytes JMP 000007ff7de21284
                          .text C:\Windows\system32\wbem\wmiprvse.exe[1468] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde0739c 5 bytes JMP 000007ff7de2163c
                          .text C:\Windows\system32\wbem\wmiprvse.exe[1468] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde07538 5 bytes JMP 000007ff7de219f4
                          .text C:\Windows\system32\wbem\wmiprvse.exe[1468] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde075e8 5 bytes JMP 000007ff7de203a4
                          .text C:\Windows\system32\wbem\wmiprvse.exe[1468] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde0790c 5 bytes JMP 000007ff7de2075c
                          .text C:\Windows\system32\wbem\wmiprvse.exe[1468] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde07ab4 5 bytes JMP 000007ff7de20b14
                          .text C:\Windows\System32\svchost.exe[3296] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde06e00 5 bytes JMP 000007ff7de21dac
                          .text C:\Windows\System32\svchost.exe[3296] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde06f2c 5 bytes JMP 000007ff7de20ecc
                          .text C:\Windows\System32\svchost.exe[3296] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde07220 5 bytes JMP 000007ff7de21284
                          .text C:\Windows\System32\svchost.exe[3296] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde0739c 5 bytes JMP 000007ff7de2163c
                          .text C:\Windows\System32\svchost.exe[3296] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde07538 5 bytes JMP 000007ff7de219f4
                          .text C:\Windows\System32\svchost.exe[3296] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde075e8 5 bytes JMP 000007ff7de203a4
                          .text C:\Windows\System32\svchost.exe[3296] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde0790c 5 bytes JMP 000007ff7de2075c
                          .text C:\Windows\System32\svchost.exe[3296] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde07ab4 5 bytes JMP 000007ff7de20b14
                          .text C:\Users\Günter Temmerman\Desktop\www8ocp5.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077cefac0 5 bytes JMP 0000000100240600
                          .text C:\Users\Günter Temmerman\Desktop\www8ocp5.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077cefb58 5 bytes JMP 0000000100240804
                          .text C:\Users\Günter Temmerman\Desktop\www8ocp5.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077cefcb0 5 bytes JMP 0000000100240c0c
                          .text C:\Users\Günter Temmerman\Desktop\www8ocp5.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077cf0038 5 bytes JMP 0000000100240a08
                          .text C:\Users\Günter Temmerman\Desktop\www8ocp5.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077cf1920 5 bytes JMP 0000000100240e10
                          .text C:\Users\Günter Temmerman\Desktop\www8ocp5.exe[5976] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d0c4dd 5 bytes JMP 00000001002401f8
                          .text C:\Users\Günter Temmerman\Desktop\www8ocp5.exe[5976] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077d11287 5 bytes JMP 00000001002403fc
                          .text C:\Users\Günter Temmerman\Desktop\www8ocp5.exe[5976] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000771ca2ba 1 byte [62]
                          .text C:\Users\Günter Temmerman\Desktop\www8ocp5.exe[5976] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077175181 5 bytes JMP 0000000100251014
                          .text C:\Users\Günter Temmerman\Desktop\www8ocp5.exe[5976] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077175254 5 bytes JMP 0000000100250804
                          .text C:\Users\Günter Temmerman\Desktop\www8ocp5.exe[5976] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000771753d5 5 bytes JMP 0000000100250a08
                          .text C:\Users\Günter Temmerman\Desktop\www8ocp5.exe[5976] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000771754c2 5 bytes JMP 0000000100250c0c
                          .text C:\Users\Günter Temmerman\Desktop\www8ocp5.exe[5976] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000771755e2 5 bytes JMP 0000000100250e10
                          .text C:\Users\Günter Temmerman\Desktop\www8ocp5.exe[5976] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007717567c 5 bytes JMP 00000001002501f8
                          .text C:\Users\Günter Temmerman\Desktop\www8ocp5.exe[5976] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007717589f 5 bytes JMP 00000001002503fc
                          .text C:\Users\Günter Temmerman\Desktop\www8ocp5.exe[5976] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077175a22 5 bytes JMP 0000000100250600
                          .text C:\Users\Günter Temmerman\Desktop\www8ocp5.exe[5976] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007700ee09 5 bytes JMP 00000001002601f8
                          .text C:\Users\Günter Temmerman\Desktop\www8ocp5.exe[5976] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000077013982 5 bytes JMP 00000001002603fc
                          .text C:\Users\Günter Temmerman\Desktop\www8ocp5.exe[5976] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077017603 5 bytes JMP 0000000100260804
                          .text C:\Users\Günter Temmerman\Desktop\www8ocp5.exe[5976] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007701835c 5 bytes JMP 0000000100260600
                          .text C:\Users\Günter Temmerman\Desktop\www8ocp5.exe[5976] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007702f52b 5 bytes JMP 0000000100260a08

                          ---- Threads - GMER 2.1 ----

                          Thread C:\Windows\system32\svchost.exe [1880:3908] 000007fef3622888


                          • #14
                            ---- Registry - GMER 2.1 ----


                            ---- EOF - GMER 2.1 ----



                            • #15
                              Download Zoek.zip to the desktop.
                              1. If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.
                              2. Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; (here and here) you can read how to do that.

                              • Right-click Zoek.zip and choose the option "Extract All".
                              • Then double-click Zoek.exe to start the tool.
                              • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
                              • Now copy the code below and paste it into the large input box:
                              • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
                                Code:
                                {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5};c
                                {3A787631-66A2-4634-B928-A37E73B58FB6};c 
                                [-HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo];r
                                [-HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde];r
                                {33BB0A4E-99AF-4226-BDF6-49120163DE86};c
                                {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3};c
                                torpigcheck;
                                emptyclsid;
                                emptyfolderscheck;delete
                                firefoxlook; 
                                Chromelook;  
                                autoclean; 
                                iedefaults; 
                                filesrcm;
                              • Now click the "Run script" button.
                              • Wait patiently until a log opens (this may be after a restart, if one is required).
                              • If no log appears after the restart, start zoek.exe again; the log will then appear.
                              • Post the opened log in your next reply as an attachment.

                              Starting Windows 10 in Safe Mode

