
I've recently had a problem with my computer: it freezes often. At first it happened sporadically in games, e.g. in FIFA about once per half of a match there was a 2-second freeze of the picture (it may be worth mentioning that the sound kept playing smoothly). Later the problem got worse (about 3 times per half, but one right after another). Now short freezes happen even while browsing the internet.
Now, what I have done so far: I scanned with an antivirus, of course, and that did nothing. On some forum I found advice to download some anti-malware tool, so I downloaded one too, scanned, and nothing. The inside of the computer has been vacuumed.
I don't know whether this may be related, but earlier, while gaming and working in a rendering program, artifacts would appear on the screen; I read on the internet that the thermal paste on the graphics card might have worn out. So I bought new paste and replaced it. The artifacts disappeared but the problem above appeared, although I can't say whether it happened directly after replacing the paste and had anything to do with it. Nevertheless, thinking that this might be the case and that, for example, I had overdone the amount of paste, today I cleaned it off and applied it again, which did not help.
That's basically it; any advice?
Logs (this is my first time doing this, so let me know if something is wrong)
OTL
OTL logfile created on: 2013-04-21 16:13:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\oem\Desktop\matma\programosy\otl
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
4,00 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 36,60% Memory free
8,00 Gb Paging File | 5,19 Gb Available in Paging File | 64,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 188,50 Gb Free Space | 20,24% Space Free | Partition Type: NTFS
Computer Name: OEM-KOMPUTER | User Name: oem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2013-04-21 15:55:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\oem\Desktop\matma\programosy\otl\OTL.exe
PRC - [2013-04-21 15:53:19 | 000,377,856 | ---- | M] () -- C:\Users\oem\Desktop\matma\programosy\gmer\z27esjsz.exe
PRC - [2013-04-12 15:23:38 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013-03-07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013-03-07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2013-01-26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\oem\AppData\Local\Akamai\netsession_win.exe
PRC - [2012-07-31 15:13:26 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010-02-25 17:56:30 | 002,937,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2009-08-24 15:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
PRC - [2009-08-04 18:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009-08-04 18:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009-07-14 22:24:50 | 000,380,928 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2013-04-21 15:53:19 | 000,377,856 | ---- | M] () -- C:\Users\oem\Desktop\matma\programosy\gmer\z27esjsz.exe
MOD - [2013-04-12 15:23:38 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010-02-25 17:56:30 | 002,937,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2009-07-30 19:15:32 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009-07-14 22:24:14 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraPlk.dll
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:[b]64bit:[/b] - [2013-03-07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2012-11-16 16:27:28 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:[b]64bit:[/b] - [2012-07-04 08:20:54 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2011-12-05 17:13:33 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:[b]64bit:[/b] - [2010-12-28 10:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013-04-12 15:23:38 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-03-29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013-03-13 18:01:15 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-07-31 15:13:26 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-02-21 17:08:50 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-08-24 15:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009-08-04 18:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009-07-26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:[b]64bit:[/b] - [2013-03-07 00:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:[b]64bit:[/b] - [2013-03-07 00:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2013-03-07 00:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:[b]64bit:[/b] - [2013-03-07 00:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2013-03-07 00:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:[b]64bit:[/b] - [2013-03-07 00:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:[b]64bit:[/b] - [2013-03-07 00:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2013-03-07 00:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:[b]64bit:[/b] - [2012-07-04 08:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:[b]64bit:[/b] - [2012-07-04 08:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2012-07-04 07:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2012-03-05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:[b]64bit:[/b] - [2012-03-05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:[b]64bit:[/b] - [2012-03-01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2010-02-24 10:12:37 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2010-02-19 18:50:54 | 000,310,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:[b]64bit:[/b] - [2010-02-19 16:30:13 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:[b]64bit:[/b] - [2010-02-18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:[b]64bit:[/b] - [2010-02-03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:[b]64bit:[/b] - [2009-07-30 13:58:42 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2009-07-17 20:52:00 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-29 15:00:00 | 000,116,752 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:[b]64bit:[/b] - [2009-06-10 22:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013-04-21 15:49:13 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3340635731-3230715513-3752858382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3340635731-3230715513-3752858382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3340635731-3230715513-3752858382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3340635731-3230715513-3752858382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112558&tt=3012_1&babsrc=HP_ss&mntrId=76b2a1bb000000000000002191f4251d
IE - HKU\S-1-5-21-3340635731-3230715513-3752858382-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3340635731-3230715513-3752858382-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3340635731-3230715513-3752858382-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-3340635731-3230715513-3752858382-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3340635731-3230715513-3752858382-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3340635731-3230715513-3752858382-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112558&tt=3012_1&babsrc=SP_ss&mntrId=76b2a1bb000000000000002191f4251d
IE - HKU\S-1-5-21-3340635731-3230715513-3752858382-1000\..\SearchScopes\{11818507-F49D-4860-812E-362E98AB524A}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
IE - HKU\S-1-5-21-3340635731-3230715513-3752858382-1000\..\SearchScopes\{51F932BA-E570-4610-9FB6-1E25D0E66A52}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
IE - HKU\S-1-5-21-3340635731-3230715513-3752858382-1000\..\SearchScopes\{54631F60-05E2-4936-A27B-170B705B178A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=EBF60304-60DF-477F-BB18-1DD115912BF0&apn_sauid=9D1E51BC-C15D-4DBE-A3F1-0A36191C6FD8
IE - HKU\S-1-5-21-3340635731-3230715513-3752858382-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SHCN_plPL368
IE - HKU\S-1-5-21-3340635731-3230715513-3752858382-1000\..\SearchScopes\{EDE06CDD-D525-4897-9337-75178C3E1F07}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
IE - HKU\S-1-5-21-3340635731-3230715513-3752858382-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3340635731-3230715513-3752858382-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.pl/"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1483
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "http://www.google.com/search?hl=en&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013-04-05 22:30:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-04-12 15:23:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-04-12 15:23:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-04-12 15:23:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-04-12 15:23:35 | 000,000,000 | ---D | M]
[2012-06-23 20:11:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\Extensions
[2012-04-18 16:53:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions
[2013-02-08 02:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\vnuaxgjg.default\extensions
[2012-10-08 12:55:06 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\vnuaxgjg.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2012-09-11 15:13:20 | 000,000,000 | ---D | M] (DownloadnSave) -- C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\vnuaxgjg.default\extensions\504cb6492257c@504cb649225b4.info
[2013-01-09 20:48:15 | 000,000,000 | ---D | M] (continuetosave) -- C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\vnuaxgjg.default\extensions\50ed99cf5fa35@50ed99cf5fa6f.com
[2012-04-18 16:53:04 | 000,086,818 | ---- | M] () (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\0\extensions\OneClickDownloader@OneClickDownloader.com.xpi
[2012-01-03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\vnuaxgjg.default\searchplugins\askcom.xml
[2013-01-09 19:35:41 | 000,000,553 | ---- | M] () -- C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\vnuaxgjg.default\searchplugins\WebSearch.xml
[2013-04-12 15:23:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013-04-12 15:23:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013-04-12 15:23:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013-04-12 15:23:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com
[2013-04-05 22:30:12 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2013-04-12 15:23:38 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012-01-12 10:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2013-02-27 17:05:46 | 000,002,980 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2012-07-27 12:47:34 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013-02-27 17:05:46 | 000,001,619 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2013-02-27 17:05:46 | 000,001,130 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2013-02-27 17:05:46 | 000,001,071 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2013-02-27 17:05:46 | 000,001,396 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2013-02-27 17:05:46 | 000,001,896 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml
[color=#E56717]========== Chrome ==========[/color]
CHR - homepage: http://websearch.soft-quick.info/
CHR - homepage: http://websearch.soft-quick.info/
CHR - Extension: Dysk Google = C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Szukaj w Google = C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: avast! WebRep = C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: continuetosave = C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjkddliacflepgkdodobfbideiomdae\1\
CHR - Extension: DownloadnSave = C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\oingdgghenhfhganefifcjnhjpfjifpk\1.0_0\
CHR - Extension: Gmail = C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013-01-27 15:07:43 | 000,000,887 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 backup.lumion3d.com
O1 - Hosts: 127.0.0.1 activate.lumion.com
O2:[b]64bit:[/b] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:[b]64bit:[/b] - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3:[b]64bit:[/b] - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKU\S-1-5-21-3340635731-3230715513-3752858382-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3340635731-3230715513-3752858382-1000..\Run: [Akamai NetSession Interface] C:\Users\oem\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3340635731-3230715513-3752858382-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-3340635731-3230715513-3752858382-1000..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent File not found
O4 - HKU\S-1-5-21-3340635731-3230715513-3752858382-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &P&obierz &za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &P&obierz &za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3340635731-3230715513-3752858382-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3340635731-3230715513-3752858382-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3340635731-3230715513-3752858382-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3340635731-3230715513-3752858382-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.110.0.cab (Battlefield Heroes Updater)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.62 62.179.1.63
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6687981B-656F-4F63-B48C-A7843DF36FA4}: DhcpNameServer = 62.179.1.62 62.179.1.63
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67B6E9E0-494D-4C1D-9758-4B32B536916B}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-12-05 17:06:14 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{8b1dd0c1-211c-11df-9944-002191f4251d}\Shell - "" = AutoRun
O33 - MountPoints2\{8b1dd0c1-211c-11df-9944-002191f4251d}\Shell\AutoRun\command - "" = I:\Installer.exe
O33 - MountPoints2\{c975099b-37db-11df-851b-002191f4251d}\Shell - "" = AutoRun
O33 - MountPoints2\{c975099b-37db-11df-851b-002191f4251d}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013-04-12 15:23:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013-04-07 15:11:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013-04-05 21:10:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013-04-05 21:08:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Resident Evil 6
[2013-04-05 21:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DangeSecond
[2013-04-05 20:55:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013-04-05 20:55:14 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013-04-05 20:55:12 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013-04-05 20:55:12 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013-04-05 20:52:46 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013-04-05 20:52:45 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013-04-05 20:52:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013-04-05 20:52:43 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013-04-05 20:52:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013-04-05 20:52:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013-04-05 20:52:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013-04-05 20:52:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013-04-05 20:52:40 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013-04-05 20:52:40 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013-04-05 20:52:40 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013-04-05 20:52:39 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013-04-05 20:52:36 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013-04-05 20:52:36 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013-04-05 20:52:36 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013-04-05 20:34:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DangeSecond
[2013-04-05 20:32:53 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013-04-05 20:32:53 | 000,022,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2013-04-05 20:25:46 | 005,500,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013-04-05 20:25:45 | 003,957,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013-04-05 20:25:45 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013-04-05 20:25:42 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2013-04-05 20:25:42 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2013-04-05 20:25:38 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013-04-05 20:25:38 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013-04-05 20:25:37 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013-04-05 20:25:37 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013-04-05 20:25:37 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013-04-05 20:25:36 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013-04-05 20:25:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013-04-05 20:25:36 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013-04-05 20:25:36 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013-04-05 20:25:36 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013-04-05 20:25:36 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013-04-05 20:25:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-04-05 20:25:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-04-05 20:25:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013-04-05 20:25:34 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013-04-05 20:25:34 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013-04-05 20:25:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013-04-05 20:25:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013-04-05 20:25:33 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013-04-05 20:25:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013-04-05 20:25:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013-04-05 20:25:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013-04-05 20:25:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013-04-05 20:25:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013-04-05 20:25:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013-04-05 20:25:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013-04-05 20:25:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013-04-05 20:25:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013-04-05 20:25:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013-04-05 20:25:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013-04-05 20:25:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013-04-05 20:25:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013-04-05 20:25:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013-04-05 20:25:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013-04-05 20:25:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013-04-05 20:25:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013-04-05 20:25:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013-04-05 20:25:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013-04-05 20:25:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013-04-05 20:25:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013-04-05 20:25:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013-04-05 20:25:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013-04-05 20:25:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013-04-05 20:25:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013-04-05 20:25:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013-04-05 20:25:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013-04-05 20:25:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013-04-05 20:25:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013-04-05 20:25:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013-04-05 20:25:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013-04-05 20:25:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013-04-05 20:25:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013-04-05 20:25:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013-04-05 20:25:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013-04-05 20:25:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013-04-05 20:25:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013-04-05 20:25:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013-04-05 20:25:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013-04-05 20:25:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013-04-05 20:25:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013-04-05 20:25:30 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013-04-05 20:25:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013-04-05 20:25:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013-04-05 20:25:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013-04-05 20:25:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013-04-05 20:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013-04-05 20:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013-04-05 20:25:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013-04-05 20:25:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013-04-05 20:25:28 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013-04-05 20:25:27 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013-04-05 20:25:27 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013-04-05 20:25:27 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013-04-05 20:25:03 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013-04-05 20:24:20 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2013-04-05 20:24:20 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2013-04-05 20:24:18 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2013-04-05 20:24:18 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2013-04-05 20:23:45 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013-04-05 20:23:44 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013-04-05 20:23:44 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013-04-05 20:23:44 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013-04-05 20:23:43 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013-04-05 20:23:39 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013-04-05 20:23:39 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013-04-05 20:23:36 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2013-04-05 20:23:35 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2013-04-05 20:23:35 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013-04-05 20:23:35 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013-04-05 20:23:19 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2013-04-05 20:23:19 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2013-04-05 20:23:19 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2013-04-05 20:23:19 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2013-04-05 20:23:19 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2013-04-05 20:23:18 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2013-04-05 20:23:18 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2013-04-05 20:23:18 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2013-04-05 20:23:18 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2013-04-05 20:23:14 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2013-04-05 20:23:14 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2013-04-05 20:23:14 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2013-04-05 20:23:10 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013-04-05 20:23:06 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2013-04-05 20:23:06 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2013-04-05 20:23:03 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2013-04-05 20:23:03 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2013-04-05 20:23:01 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2013-04-05 20:23:01 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2013-04-05 20:22:52 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2013-04-05 20:22:52 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2013-04-05 20:22:41 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013-04-05 20:22:34 | 000,634,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2013-04-05 20:22:26 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013-04-05 20:22:21 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2013-04-05 20:22:21 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2013-04-05 20:22:21 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2013-04-05 20:22:21 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2013-04-05 20:22:21 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2013-04-05 20:22:20 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2013-04-05 20:22:20 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2013-04-05 20:22:20 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2013-04-05 20:22:20 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2013-04-05 20:22:19 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2013-04-05 20:22:16 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013-04-05 20:22:16 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013-04-05 20:22:14 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2013-04-05 20:22:13 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2013-04-05 20:22:08 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013-04-05 20:22:02 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013-04-05 20:21:50 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2013-04-05 20:21:49 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2013-04-05 20:21:49 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2013-04-05 20:21:28 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013-04-05 20:21:27 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013-04-05 20:11:52 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013-04-05 20:11:34 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013-04-05 20:11:34 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013-04-05 20:11:34 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013-04-05 20:11:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013-04-05 20:06:36 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2013-04-05 20:06:36 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2013-04-05 19:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BioShock Infinite
[2013-04-05 19:15:18 | 000,000,000 | ---D | C] -- C:\Games
[2013-04-04 22:40:42 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\Malwarebytes
[2013-04-04 22:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013-03-30 16:40:19 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\InstallShield
[2013-03-27 20:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013-03-27 20:39:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013-03-27 20:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013-04-21 16:01:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-04-21 15:56:28 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-04-21 15:56:28 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-04-21 15:49:13 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2013-04-21 15:48:52 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-04-21 15:48:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-04-21 15:48:35 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2013-04-21 15:47:32 | 000,000,188 | ---- | M] () -- C:\Users\oem\defogger_reenable
[2013-04-21 15:31:00 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-04-21 08:43:22 | 001,549,696 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-04-21 08:43:22 | 000,697,674 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013-04-21 08:43:22 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-04-21 08:43:22 | 000,134,784 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013-04-21 08:43:22 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-04-10 19:31:38 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013-04-07 15:15:04 | 005,302,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-04-05 22:30:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013-04-05 21:05:09 | 000,000,968 | ---- | M] () -- C:\Users\oem\Desktop\Resident. Evil 6.lnk
[2013-04-05 20:11:28 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013-04-05 20:11:27 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013-04-05 20:11:27 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013-04-05 20:11:27 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013-04-05 20:11:27 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013-04-05 20:11:27 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013-04-05 19:35:55 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\BioShock Infinite.lnk
[2013-04-05 07:48:34 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013-04-01 19:45:28 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013-04-01 19:45:28 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013-04-01 19:44:46 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013-03-29 10:32:40 | 000,002,432 | ---- | M] () -- C:\Users\oem\AppData\Local\TempAP4924.html
[2013-03-29 10:32:40 | 000,002,089 | ---- | M] () -- C:\Users\oem\AppData\Local\TempoO4924.html
[2013-03-29 10:32:38 | 000,002,432 | ---- | M] () -- C:\Users\oem\AppData\Local\TempeQ4924.html
[2013-03-29 10:32:38 | 000,002,089 | ---- | M] () -- C:\Users\oem\AppData\Local\Tempck4924.html
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2013-04-21 15:47:32 | 000,000,188 | ---- | C] () -- C:\Users\oem\defogger_reenable
[2013-04-05 22:30:19 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013-04-05 22:30:18 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013-04-05 21:05:09 | 000,000,968 | ---- | C] () -- C:\Users\oem\Desktop\Resident. Evil 6.lnk
[2013-04-05 19:35:55 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\BioShock Infinite.lnk
[2013-03-29 10:30:25 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempeQ4924.html
[2013-03-29 10:30:25 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempck4924.html
[2013-03-29 10:23:35 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempAP4924.html
[2013-03-29 10:23:35 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempoO4924.html
[2012-09-25 11:58:39 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempQT4564.html
[2012-09-25 11:58:39 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TemplM4564.html
[2012-07-19 18:47:50 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempq58180.html
[2012-07-19 18:47:50 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempY58180.html
[2012-04-18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012-03-17 19:17:15 | 000,059,408 | ---- | C] () -- C:\Windows\War3Unin.dat
[2012-02-15 23:40:19 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempTAm640.html
[2012-02-15 23:40:19 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempbvn640.html
[2012-02-15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012-02-15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012-01-26 17:17:27 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempeE3180.html
[2012-01-26 17:17:27 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempRj3180.html
[2012-01-20 01:10:56 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2012-01-15 19:13:04 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempqK2728.html
[2012-01-15 19:13:04 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempfI2728.html
[2012-01-08 12:24:33 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempKE2856.html
[2012-01-08 12:24:33 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempJT2856.html
[2012-01-06 23:04:40 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempbt4444.html
[2012-01-06 23:04:40 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Temprb4444.html
[2011-12-05 16:11:20 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011-11-24 09:46:54 | 000,000,000 | ---- | C] () -- C:\Users\oem\AppData\Local\{8B20E249-1158-4BBF-A73D-CF3FCD3FD6A6}
[2011-11-20 11:47:43 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempVM6068.html
[2011-11-20 11:47:43 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempca6068.html
[2011-11-01 13:01:45 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempyj5588.html
[2011-11-01 13:01:45 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempLP5588.html
[2011-10-25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011-10-14 13:56:36 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempYs4444.html
[2011-10-14 13:56:36 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempZX4444.html
[2011-10-09 16:15:06 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempRV5176.html
[2011-10-09 16:15:06 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempNt5176.html
[2011-10-01 20:48:33 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempGM3816.html
[2011-10-01 20:48:33 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Temphr3816.html
[2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011-09-14 09:36:21 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempNJ5480.html
[2011-09-14 09:36:21 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempuv5480.html
[2011-09-13 20:14:50 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempiU3508.html
[2011-09-13 20:14:50 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempUh3508.html
[2011-09-07 10:31:23 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempPB6700.html
[2011-09-07 10:31:23 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempHZ6700.html
[2011-08-30 15:46:20 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempZf5832.html
[2011-08-30 15:46:20 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempHN5832.html
[2011-08-19 19:58:06 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempdY5224.html
[2011-08-19 19:58:06 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempYz5224.html
[2011-08-19 19:57:11 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempFb3644.html
[2011-08-19 19:57:11 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempEd3644.html
[2011-08-18 20:20:36 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TemppP4700.html
[2011-08-18 20:20:36 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Temptk4700.html
[2011-08-17 19:54:44 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempTt3088.html
[2011-08-17 19:54:44 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempme3088.html
[2011-08-15 10:17:00 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TemptV3156.html
[2011-08-15 10:17:00 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempZP3156.html
[2011-08-09 14:35:58 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempLL5892.html
[2011-08-09 14:35:58 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TemptG5892.html
[2011-08-09 11:07:29 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011-08-09 11:07:26 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011-08-06 11:53:48 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempqv4540.html
[2011-08-06 11:53:48 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempMM4540.html
[2011-07-31 12:42:55 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempsC4076.html
[2011-07-31 12:42:55 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempkM4076.html
[2011-07-28 16:23:18 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempOQ4688.html
[2011-07-28 16:23:18 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempcP4688.html
[2011-07-20 22:10:34 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempxE5860.html
[2011-07-20 22:10:34 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempCH5860.html
[2011-07-16 11:12:48 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempKf4740.html
[2011-07-16 11:12:48 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempel4740.html
[2011-07-14 12:23:46 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempCZ4072.html
[2011-07-14 12:23:46 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempkW4072.html
[2011-07-13 22:24:47 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempWt3408.html
[2011-07-13 22:24:47 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempXP3408.html
[2011-07-13 10:19:18 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempQB2144.html
[2011-07-13 10:19:18 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempbE2144.html
[2011-07-12 10:50:33 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempuH4620.html
[2011-07-12 10:50:33 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempwO4620.html
[2011-07-12 10:38:12 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempUs4296.html
[2011-07-12 10:38:12 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempuz4296.html
[2011-07-11 19:30:24 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempmc5224.html
[2011-07-11 19:30:24 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempuR5224.html
[2011-07-07 19:12:04 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempTQ4080.html
[2011-07-07 19:12:04 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempLM4080.html
[2011-07-07 13:05:29 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempruf736.html
[2011-07-07 13:05:29 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempRUp736.html
[2011-07-05 13:33:09 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempSG2636.html
[2011-07-05 13:33:09 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TemprF2636.html
[2011-07-04 19:13:19 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempRO1076.html
[2011-07-04 19:13:19 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempOS1076.html
[2011-07-03 20:43:40 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempvF3744.html
[2011-07-03 20:43:40 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempXc3744.html
[2011-07-02 18:42:08 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempyx4172.html
[2011-07-02 18:42:08 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempaj4172.html
[2011-07-01 19:47:29 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempwe3592.html
[2011-07-01 19:47:29 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempFo3592.html
[2011-06-29 22:06:45 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempGe5956.html
[2011-06-29 22:06:45 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempid5956.html
[2011-06-29 15:11:19 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempUi2816.html
[2011-06-29 15:11:19 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempue2816.html
[2011-06-29 12:44:01 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempbx4100.html
[2011-06-29 12:44:01 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempbr4100.html
[2011-06-29 09:08:43 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempcz2956.html
[2011-06-29 09:08:43 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempcX2956.html
[2011-06-28 22:35:33 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempWp4752.html
[2011-06-28 22:35:33 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempWK4752.html
[2011-06-28 15:19:01 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempIT2488.html
[2011-06-28 15:19:01 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempDi2488.html
[2011-06-28 11:35:43 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempgP2404.html
[2011-06-28 11:35:43 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempoK2404.html
[2011-06-27 15:45:00 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempZQ3040.html
[2011-06-27 15:45:00 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempTt3040.html
[2011-06-26 22:08:29 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempel7280.html
[2011-06-26 22:08:29 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempBk7280.html
[2011-06-26 15:34:38 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TemplJ7412.html
[2011-06-26 15:34:38 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempUI7412.html
[2011-06-26 11:34:59 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempGc7956.html
[2011-06-26 11:34:59 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempHA7956.html
[2011-06-25 21:29:01 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempeA3644.html
[2011-06-25 21:29:01 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempcM3644.html
[2011-06-25 18:27:56 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempZY2688.html
[2011-06-25 18:27:56 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempSf2688.html
[2011-06-25 17:35:07 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempHgp164.html
[2011-06-25 17:35:07 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempGaj164.html
[2011-06-22 20:18:52 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempYn4072.html
[2011-06-22 20:18:52 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempcn4072.html
[2011-06-21 10:14:36 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempHA3716.html
[2011-06-21 10:14:36 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempLe3716.html
[2011-06-17 11:23:26 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempMX4360.html
[2011-06-17 11:23:26 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempIp4360.html
[2011-06-13 16:52:26 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempYI5288.html
[2011-06-13 16:52:26 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempuR5288.html
[2011-06-12 10:51:36 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempCJ2628.html
[2011-06-12 10:51:36 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempjD2628.html
[2011-06-09 14:18:35 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempgN3580.html
[2011-06-09 14:18:35 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempSO3580.html
[2011-06-09 11:11:24 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempIn3832.html
[2011-06-09 11:11:24 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempTm3832.html
[2011-06-08 11:44:04 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempWu4856.html
[2011-06-08 11:44:04 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempHD4856.html
[2011-06-07 12:32:20 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempfF1572.html
[2011-06-07 12:32:20 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempnJ1572.html
[2011-06-06 12:47:29 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempGA4440.html
[2011-06-06 12:47:29 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempCV4440.html
[2011-06-05 15:34:53 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempJR3180.html
[2011-06-05 15:34:53 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempXX3180.html
[2011-06-04 23:42:54 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempzq1156.html
[2011-06-04 23:42:54 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempha1156.html
[2011-06-03 14:33:21 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempgx2804.html
[2011-06-03 14:33:21 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempMB2804.html
[2011-05-31 23:36:18 | 000,000,000 | ---- | C] () -- C:\Users\oem\AppData\Local\{8974A9FF-7805-4E61-8AA0-26ABD29CD49E}
[2011-05-31 23:31:27 | 000,000,000 | ---- | C] () -- C:\Users\oem\AppData\Local\{9E8A6978-7C49-444F-ACD8-B944BC65E067}
[2011-05-23 10:58:29 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempiS2892.html
[2011-05-23 10:58:29 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempgO2892.html
[2011-05-22 10:00:18 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempSG4276.html
[2011-05-22 10:00:18 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempME4276.html
[2011-05-19 10:49:13 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempxv5096.html
[2011-05-19 10:49:13 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempkK5096.html
[2011-05-18 11:45:04 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempIk6736.html
[2011-05-18 11:45:04 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempSg6736.html
[2011-05-12 13:48:19 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempvy3844.html
[2011-05-12 13:48:19 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempms3844.html
[2011-05-08 15:22:46 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempNY1208.html
[2011-05-08 15:22:46 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempxH1208.html
[2011-05-07 18:57:33 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempYi1012.html
[2011-05-07 18:57:33 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempLE1012.html
[2011-05-03 20:41:55 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempoj6864.html
[2011-05-03 20:41:55 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempZY6864.html
[2011-05-03 18:21:37 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempHj3960.html
[2011-05-03 18:21:37 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempJy3960.html
[2011-05-03 12:28:39 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempOm5476.html
[2011-05-03 12:28:39 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempRj5476.html
[2011-05-02 17:44:44 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempcC4460.html
[2011-05-02 17:44:44 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempNY4460.html
[2011-05-01 16:12:50 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempIN1780.html
[2011-05-01 16:12:50 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempgx1780.html
[2011-04-29 11:23:50 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempfV5740.html
[2011-04-29 11:23:50 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempAg5740.html
[2011-04-26 15:31:12 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempDo3044.html
[2011-04-26 15:31:12 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempOj3044.html
[2011-04-22 22:19:25 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempLt3304.html
[2011-04-22 22:19:25 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempoF3304.html
[2011-04-19 12:03:08 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempPE4564.html
[2011-04-19 12:03:08 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempRp4564.html
[2011-04-17 09:08:58 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempio2580.html
[2011-04-17 09:08:58 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempId2580.html
[2011-04-12 20:19:44 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Temphd3680.html
[2011-04-12 20:19:44 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempQP3680.html
[2011-04-03 19:30:12 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempBo4016.html
[2011-04-03 19:30:12 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempJG4016.html
[2011-03-24 21:39:29 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempQA1312.html
[2011-03-24 21:39:29 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempId1312.html
[2011-03-12 21:26:20 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempgH3976.html
[2011-03-12 21:26:20 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempCn3976.html
[2011-03-07 13:44:31 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempAYk164.html
[2011-03-07 13:44:31 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TemppWY164.html
[2011-02-22 16:44:46 | 000,005,120 | ---- | C] () -- C:\Users\oem\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-02-20 12:30:00 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempBYm856.html
[2011-02-20 12:30:00 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempRDQ856.html
[2011-02-17 15:21:41 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempuZ3188.html
[2011-02-17 15:21:41 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempWL3188.html
[2011-02-12 20:49:13 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempLh1872.html
[2011-02-12 20:49:13 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempqm1872.html
[2011-02-08 16:15:38 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempJQ6196.html
[2011-02-08 16:15:38 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempVL6196.html
[2011-02-06 11:23:27 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempIj2040.html
[2011-02-06 11:23:27 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempHN2040.html
[2011-01-31 22:12:19 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempdR2476.html
[2011-01-31 22:12:19 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempDA2476.html
[2011-01-29 22:02:00 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempcq3644.html
[2011-01-29 22:02:00 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempkj3644.html
[2011-01-27 13:01:16 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempRs4332.html
[2011-01-27 13:01:16 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempor4332.html
[2011-01-24 19:37:36 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempKV2164.html
[2011-01-24 19:37:36 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempZr2164.html
[2011-01-24 11:47:41 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempUJ6592.html
[2011-01-24 11:47:41 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempBE6592.html
[2011-01-24 11:47:18 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempgF7500.html
[2011-01-24 11:47:18 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempHz7500.html
[2011-01-23 13:42:06 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempnA1472.html
[2011-01-23 13:42:06 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempJU1472.html
[2011-01-20 11:31:01 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempvJ4352.html
[2011-01-20 11:31:01 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempcA4352.html
[2011-01-18 13:08:50 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempsv9372.html
[2011-01-18 13:08:50 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempsF9372.html
[2011-01-15 21:12:50 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempkZ5896.html
[2011-01-15 21:12:50 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempgJ5896.html
[2011-01-14 14:27:52 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempUz4648.html
[2011-01-14 14:27:52 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempaM4648.html
[2011-01-12 19:33:40 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempdE3520.html
[2011-01-12 19:33:40 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempnG3520.html
[2011-01-12 19:00:16 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempVX1276.html
[2011-01-12 19:00:16 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempui1276.html
[2011-01-11 21:01:27 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempZV6092.html
[2011-01-11 21:01:27 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempUL6092.html
[2011-01-10 20:25:03 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempTJ1488.html
[2011-01-10 20:25:03 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempRT1488.html
[2011-01-09 15:20:05 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TemptS5720.html
[2011-01-09 15:20:05 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempRa5720.html
[2011-01-08 20:07:42 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempFN3504.html
[2011-01-08 20:07:42 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempeN3504.html
[2011-01-07 16:21:15 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempmb3116.html
[2011-01-07 16:21:15 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempBn3116.html
[2011-01-06 17:58:26 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempLm5456.html
[2011-01-06 17:58:26 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Temppi5456.html
[2011-01-05 15:32:22 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TemppO2692.html
[2011-01-05 15:32:22 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempWK2692.html
[2011-01-04 17:49:21 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempgB4636.html
[2011-01-04 17:49:21 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempzJ4636.html
[2011-01-03 14:49:46 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempok1960.html
[2011-01-03 14:49:46 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempdN1960.html
[2011-01-02 23:32:03 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TemppK3540.html
[2011-01-02 23:32:03 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempXZ3540.html
[2011-01-01 14:56:39 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempCA1936.html
[2011-01-01 14:56:39 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempxu1936.html
[2010-12-31 13:15:01 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempMe3264.html
[2010-12-31 13:15:01 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempig3264.html
[2010-12-29 11:39:42 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempmL5304.html
[2010-12-29 11:39:42 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempxu5304.html
[2010-12-23 17:23:07 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempHh6024.html
[2010-12-23 17:23:07 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempmY6024.html
[2010-12-21 15:42:40 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TemptJ4496.html
[2010-12-21 15:42:40 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempQM4496.html
[2010-12-19 14:09:08 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempGU5448.html
[2010-12-19 14:09:08 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempkd5448.html
[2010-12-12 17:46:00 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempzU4324.html
[2010-12-12 17:46:00 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Temppb4324.html
[2010-12-08 22:07:23 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempAq4104.html
[2010-12-08 22:07:23 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempqo4104.html
[2010-12-08 18:52:53 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempzv4044.html
[2010-12-08 18:52:53 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempYr4044.html
[2010-12-08 16:37:21 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempZO8108.html
[2010-12-08 16:37:21 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempxG8108.html
[2010-12-06 19:24:46 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempuY3452.html
[2010-12-06 19:24:46 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempZX3452.html
[2010-12-04 17:19:55 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Templq2076.html
[2010-12-04 17:19:55 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TemplZ2076.html
[2010-12-01 18:59:09 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempun1088.html
[2010-12-01 18:59:09 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempkR1088.html
[2010-11-30 21:55:12 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempBc3180.html
[2010-11-30 21:55:12 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempxc3180.html
[2010-11-29 21:53:34 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempWa4264.html
[2010-11-29 21:53:34 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempYa4264.html
[2010-11-28 21:06:20 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempvj2916.html
[2010-11-28 21:06:20 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempCT2916.html
[2010-11-25 22:13:56 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempkq2828.html
[2010-11-25 22:13:56 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempEw2828.html
[2010-11-25 18:19:23 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Temppq3168.html
[2010-11-25 18:19:23 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempvl3168.html
[2010-11-21 20:57:07 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempqG1440.html
[2010-11-21 20:57:07 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempPM1440.html
[2010-11-19 17:46:56 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempFL3284.html
[2010-11-19 17:46:56 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempYC3284.html
[2010-11-18 20:09:32 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempyu4972.html
[2010-11-18 20:09:32 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempDm4972.html
[2010-11-17 18:00:24 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempJA5568.html
[2010-11-17 18:00:24 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempky5568.html
[2010-11-17 16:28:25 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TemprF4112.html
[2010-11-17 16:28:25 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Temppr4112.html
[2010-11-15 17:24:39 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempFQ1568.html
[2010-11-15 17:24:39 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempoG1568.html
[2010-11-12 11:21:54 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempUz4368.html
[2010-11-12 11:21:54 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempBI4368.html
[2010-11-08 15:17:47 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempyK3752.html
[2010-11-08 15:17:47 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempek3752.html
[2010-11-08 15:06:54 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempBqh552.html
[2010-11-08 15:06:54 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempnGg552.html
[2010-11-07 10:12:05 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempnv5728.html
[2010-11-07 10:12:05 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempoV5728.html
[2010-11-02 21:55:44 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempNs1680.html
[2010-11-02 21:55:44 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempfx1680.html
[2010-11-01 21:13:24 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempWD4876.html
[2010-11-01 21:13:24 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempBX4876.html
[2010-11-01 11:08:05 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempFSV336.html
[2010-11-01 11:08:05 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempNWn336.html
[2010-10-31 14:31:23 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempuc5088.html
[2010-10-31 14:31:23 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempiX5088.html
[2010-10-30 18:28:14 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempBu3612.html
[2010-10-30 18:28:14 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempOL3612.html
[2010-10-26 17:03:03 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempQe1924.html
[2010-10-26 17:03:03 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempbl1924.html
[2010-10-25 19:40:17 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempCB4044.html
[2010-10-25 19:40:17 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempxV4044.html
[2010-10-25 15:18:13 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempUW2748.html
[2010-10-25 15:18:13 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempFC2748.html
[2010-10-24 19:10:48 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempmH2944.html
[2010-10-24 19:10:48 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempDh2944.html
[2010-10-24 14:27:03 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempLW4896.html
[2010-10-24 14:27:03 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempwe4896.html
[2010-10-24 10:07:19 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TemplF4576.html
[2010-10-24 10:07:19 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TemptQ4576.html
[2010-10-21 13:39:08 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempZS4264.html
[2010-10-21 13:39:08 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempfT4264.html
[2010-10-20 19:48:03 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TemptZ4048.html
[2010-10-20 19:48:03 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Templf4048.html
[2010-10-20 16:58:07 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempSV1396.html
[2010-10-20 16:58:07 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempoB1396.html
[2010-10-19 20:26:26 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempYG4916.html
[2010-10-19 20:26:26 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempXr4916.html
[2010-10-19 15:34:18 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempkm6464.html
[2010-10-19 15:34:18 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempKw6464.html
[2010-10-18 19:34:46 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempmFZ676.html
[2010-10-18 19:34:46 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempMYs676.html
[2010-10-18 14:20:38 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempOf3240.html
[2010-10-18 14:20:38 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempfh3240.html
[2010-10-17 16:44:59 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempYH4880.html
[2010-10-17 16:44:59 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempCd4880.html
[2010-10-17 11:11:44 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TemphM4112.html
[2010-10-17 11:11:44 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempAu4112.html
[2010-10-17 08:29:58 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Temptg3904.html
[2010-10-17 08:29:58 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempXy3904.html
[2010-10-16 18:45:23 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempKY1052.html
[2010-10-16 18:45:23 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempFX1052.html
[2010-10-15 15:48:46 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempLE1808.html
[2010-10-15 15:48:46 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempNO1808.html
[2010-10-14 13:10:46 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempSU2192.html
[2010-10-14 13:10:46 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TemptP2192.html
[2010-10-14 09:35:08 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempAI1284.html
[2010-10-14 09:35:08 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempaD1284.html
[2010-10-10 11:37:01 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempwA3456.html
[2010-10-10 11:37:01 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempkO3456.html
[2010-10-09 17:45:00 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempaM6244.html
[2010-10-09 17:45:00 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempyH6244.html
[2010-10-07 19:56:21 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempJb4956.html
[2010-10-07 19:56:21 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempXY4956.html
[2010-10-06 19:30:08 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempIH5100.html
[2010-10-06 19:30:08 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempdd5100.html
[2010-10-05 20:11:22 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempvv3456.html
[2010-10-05 20:11:22 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempLE3456.html
[2010-10-04 19:26:35 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempwBC316.html
[2010-10-04 19:26:35 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempecB316.html
[2010-10-04 15:17:00 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempOX2868.html
[2010-10-04 15:17:00 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempjo2868.html
[2010-10-04 14:57:09 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempvM3516.html
[2010-10-04 14:57:09 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempuN3516.html
[2010-10-03 14:02:09 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempXK5156.html
[2010-10-03 14:02:09 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempFX5156.html
[2010-10-03 11:02:11 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempuI5208.html
[2010-10-03 11:02:11 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempkJ5208.html
[2010-10-01 15:37:56 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempZY2052.html
[2010-10-01 15:37:56 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempMb2052.html
[2010-10-01 13:06:33 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempeq4496.html
[2010-10-01 13:06:33 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempOO4496.html
[2010-09-30 15:23:41 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempUN2568.html
[2010-09-30 15:23:41 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempzG2568.html
[2010-09-29 18:50:46 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempSx2388.html
[2010-09-29 18:50:46 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempuB2388.html
[2010-09-28 22:43:44 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Temppm4016.html
[2010-09-28 22:43:44 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempmg4016.html
[2010-09-28 16:56:55 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempEt5240.html
[2010-09-28 16:56:55 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempBK5240.html
[2010-09-27 15:10:50 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempDm4604.html
[2010-09-27 15:10:50 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempXi4604.html
[2010-09-26 19:58:13 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempcU2520.html
[2010-09-26 19:58:13 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TemptR2520.html
[2010-09-26 19:01:19 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempym4540.html
[2010-09-26 19:01:19 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempoq4540.html
[2010-09-26 08:57:29 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempJp3840.html
[2010-09-26 08:57:29 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TemphC3840.html
[2010-09-25 22:49:29 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempzQ4172.html
[2010-09-25 22:49:29 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempvH4172.html
[2010-09-24 20:17:57 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Temphy5140.html
[2010-09-24 20:17:57 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempIO5140.html
[2010-09-23 19:59:24 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempQv1288.html
[2010-09-23 19:59:24 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempzE1288.html
[2010-09-23 15:09:16 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempmE2108.html
[2010-09-23 15:09:16 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempTp2108.html
[2010-09-23 13:14:29 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempXu1304.html
[2010-09-23 13:14:29 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempyj1304.html
[2010-09-22 19:15:50 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempqM3556.html
[2010-09-22 19:15:50 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempKq3556.html
[2010-09-22 11:39:40 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempkX3972.html
[2010-09-22 11:39:40 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempuk3972.html
[2010-09-20 19:08:43 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempCG5992.html
[2010-09-20 19:08:43 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempXD5992.html
[2010-09-20 14:37:50 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempOW4008.html
[2010-09-20 14:37:50 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempmM4008.html
[2010-09-19 19:19:27 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempyI2152.html
[2010-09-19 19:19:27 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempbj2152.html
[2010-09-19 15:51:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-09-18 19:42:54 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempfu5444.html
[2010-09-18 19:42:54 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempOs5444.html
[2010-09-15 16:18:20 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempKP5000.html
[2010-09-15 16:18:20 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempLA5000.html
[2010-09-13 19:45:29 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempQd4556.html
[2010-09-13 19:45:29 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempGL4556.html
[2010-09-12 16:05:48 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Temphh1068.html
[2010-09-12 16:05:48 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempyK1068.html
[2010-09-12 08:29:42 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempNc3580.html
[2010-09-12 08:29:42 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempdu3580.html
[2010-09-11 11:58:50 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempPY5424.html
[2010-09-11 11:58:50 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempfv5424.html
[2010-09-09 15:02:25 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TemprZj300.html
[2010-09-09 15:02:25 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempQIe300.html
[2010-09-07 16:50:31 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempheN756.html
[2010-09-07 16:50:31 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempOjK756.html
[2010-09-06 19:06:38 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempCk4628.html
[2010-09-06 19:06:38 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempNl4628.html
[2010-09-05 19:38:05 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempoO1308.html
[2010-09-05 19:38:05 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempLy1308.html
[2010-09-05 16:03:34 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempne3792.html
[2010-09-05 16:03:34 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempwh3792.html
[2010-09-04 17:36:17 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempBS6612.html
[2010-09-04 17:36:17 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempKf6612.html
[2010-09-04 15:07:07 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempPAz604.html
[2010-09-04 15:07:07 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempwYw604.html
[2010-09-03 14:47:11 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempze3104.html
[2010-09-03 14:47:11 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TemplX3104.html
[2010-09-02 22:09:18 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempYs5112.html
[2010-09-02 22:09:18 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempyD5112.html
[2010-09-02 15:13:31 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempAc3352.html
[2010-09-02 15:13:31 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempJY3352.html
[2010-09-01 20:20:50 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempBC2088.html
[2010-09-01 20:20:50 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Templu2088.html
[2010-09-01 11:02:43 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Temphay164.html
[2010-09-01 11:02:43 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TemprHD164.html
[2010-08-31 21:37:01 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempOJ3580.html
[2010-08-31 21:37:01 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempqT3580.html
[2010-08-31 13:45:26 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempQD7476.html
[2010-08-31 13:45:26 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempxL7476.html
[2010-08-31 08:12:50 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempiw1280.html
[2010-08-31 08:12:50 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Temppg1280.html
[2010-08-30 23:43:54 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempJB2008.html
[2010-08-30 23:43:54 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempJt2008.html
[2010-08-30 20:12:03 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempqj5808.html
[2010-08-30 20:12:03 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempXe5808.html
[2010-08-30 11:35:18 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempSg2556.html
[2010-08-30 11:35:18 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempPH2556.html
[2010-08-30 08:03:05 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempUu2692.html
[2010-08-30 08:03:05 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempNn2692.html
[2010-08-29 16:27:27 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempns1124.html
[2010-08-29 16:27:27 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempoE1124.html
[2010-08-29 09:16:48 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempDh1372.html
[2010-08-29 09:16:48 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempNG1372.html
[2010-08-28 22:06:38 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempYm4464.html
[2010-08-28 22:06:38 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempCJ4464.html
[2010-08-28 09:17:28 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempwU2164.html
[2010-08-28 09:17:28 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempXU2164.html
[2010-08-27 15:45:59 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempuh6972.html
[2010-08-27 15:45:59 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempAq6972.html
[2010-08-27 11:53:13 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempVQ4648.html
[2010-08-27 11:53:13 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempBb4648.html
[2010-08-27 10:01:34 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TemprT2496.html
[2010-08-27 10:01:34 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempDE2496.html
[2010-08-26 21:49:46 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempvK1600.html
[2010-08-26 21:49:46 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempcZ1600.html
[2010-08-26 09:46:50 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempEd3844.html
[2010-08-26 09:46:50 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempsJ3844.html
[2010-08-25 18:40:15 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempRJ3700.html
[2010-08-25 18:40:15 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempUC3700.html
[2010-08-25 11:08:49 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Temptf4072.html
[2010-08-25 11:08:49 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempqA4072.html
[2010-08-24 15:26:44 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempaO4824.html
[2010-08-24 15:26:44 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TemplO4824.html
[2010-08-24 10:37:01 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempzv3360.html
[2010-08-24 10:37:01 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempah3360.html
[2010-08-23 22:36:52 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempeP2740.html
[2010-08-23 22:36:52 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempcY2740.html
[2010-08-23 20:46:38 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempSl4888.html
[2010-08-23 20:46:38 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempOA4888.html
[2010-08-23 09:26:04 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempZH3432.html
[2010-08-23 09:26:04 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempmv3432.html
[2010-08-22 22:00:06 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempDB4196.html
[2010-08-22 22:00:06 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempiF4196.html
[2010-08-22 20:18:05 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempYy4012.html
[2010-08-22 20:18:05 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempPl4012.html
[2010-08-22 19:09:40 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempYBf804.html
[2010-08-22 19:09:40 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempgmC804.html
[2010-08-22 15:53:34 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TemptwB808.html
[2010-08-22 15:53:34 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempqmC808.html
[2010-08-22 09:25:19 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempdj2208.html
[2010-08-22 09:25:19 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempNx2208.html
[2010-08-21 23:17:21 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempQu4232.html
[2010-08-21 23:17:21 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempbY4232.html
[2010-08-21 22:43:29 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempJF4988.html
[2010-08-21 22:43:29 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempRg4988.html
[2010-08-21 18:13:44 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempTc3984.html
[2010-08-21 18:13:44 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempin3984.html
[2010-08-21 14:09:14 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempDV3444.html
[2010-08-21 14:09:14 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempZC3444.html
[2010-08-21 09:45:45 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TemppZ4072.html
[2010-08-21 09:45:45 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Temppq4072.html
[2010-08-20 21:25:58 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempjQ4732.html
[2010-08-20 21:25:58 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempKp4732.html
[2010-08-20 08:40:36 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempNW3896.html
[2010-08-20 08:40:36 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempDR3896.html
[2010-08-19 23:01:17 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempqd2504.html
[2010-08-19 23:01:17 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempPz2504.html
[2010-08-19 13:00:50 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempVc4360.html
[2010-08-19 13:00:50 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempHJ4360.html
[2010-08-19 10:30:38 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempaZ2236.html
[2010-08-19 10:30:38 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempzo2236.html
[2010-08-18 22:48:28 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempud1284.html
[2010-08-18 22:48:28 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempRY1284.html
[2010-08-18 10:37:09 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempVR3932.html
[2010-08-18 10:37:09 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempmg3932.html
[2010-08-17 22:13:38 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempWwc220.html
[2010-08-17 22:13:38 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempSYO220.html
[2010-08-17 15:57:19 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempMT2120.html
[2010-08-17 15:57:19 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempBU2120.html
[2010-08-17 09:36:41 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempATy924.html
[2010-08-17 09:36:41 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempaYE924.html
[2010-08-16 21:39:02 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TemprN4296.html
[2010-08-16 21:39:02 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Temptr4296.html
[2010-08-16 14:04:27 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempew3848.html
[2010-08-16 14:04:27 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempAU3848.html
[2010-08-16 10:07:32 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempSw2312.html
[2010-08-16 10:07:32 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempTc2312.html
[2010-08-15 19:31:14 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempzTU652.html
[2010-08-15 19:31:14 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempelf652.html
[2010-08-15 09:58:48 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempHA2580.html
[2010-08-15 09:58:48 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempLD2580.html
[2010-08-14 22:56:10 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempLR2208.html
[2010-08-14 22:56:10 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempqN2208.html
[2010-08-14 14:19:13 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempQd3084.html
[2010-08-14 14:19:13 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempcc3084.html
[2010-08-14 09:57:42 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempQNn332.html
[2010-08-14 09:57:42 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempFOO332.html
[2010-08-13 23:56:02 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempMy4036.html
[2010-08-13 23:56:02 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempDq4036.html
[2010-08-13 09:17:55 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempva3608.html
[2010-08-13 09:17:55 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempHL3608.html
[2010-08-12 22:50:05 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempZoY424.html
[2010-08-12 22:50:05 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempCea424.html
[2010-08-12 10:23:45 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempGv3904.html
[2010-08-12 10:23:45 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempaf3904.html
[2010-08-11 23:09:31 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempfl1404.html
[2010-08-11 23:09:31 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempDT1404.html
[2010-08-11 22:47:14 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempCIg396.html
[2010-08-11 22:47:14 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempHJb396.html
[2010-08-11 20:00:24 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempzQ4212.html
[2010-08-11 20:00:24 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Templm4212.html
[2010-08-11 09:47:56 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempic2780.html
[2010-08-11 09:47:56 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempyn2780.html
[2010-08-10 21:14:00 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempUH3496.html
[2010-08-10 21:14:00 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempKi3496.html
[2010-08-10 15:36:12 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempYf3860.html
[2010-08-10 15:36:12 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempQf3860.html
[2010-08-10 10:58:37 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempTd3816.html
[2010-08-10 10:58:37 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempzS3816.html
[2010-08-09 19:38:53 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempxC4732.html
[2010-08-09 19:38:53 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempMX4732.html
[2010-08-09 09:46:12 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempPw2456.html
[2010-08-09 09:46:12 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempXj2456.html
[2010-08-08 21:52:35 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempHk3500.html
[2010-08-08 21:52:35 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempOE3500.html
[2010-08-08 19:26:32 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TemptG3188.html
[2010-08-08 19:26:32 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempwW3188.html
[2010-08-08 10:37:57 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempqS4804.html
[2010-08-08 10:37:57 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TemphK4804.html
[2010-08-08 09:47:06 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempFh4944.html
[2010-08-08 09:47:06 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempPZ4944.html
[2010-08-07 20:23:25 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempcT3332.html
[2010-08-07 20:23:25 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempgs3332.html
[2010-08-07 19:25:18 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempoM3148.html
[2010-08-07 19:25:18 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempim3148.html
[2010-08-07 11:55:34 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempLC2640.html
[2010-08-07 11:55:34 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempIB2640.html
[2010-08-06 13:27:23 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempDs3576.html
[2010-08-06 13:27:23 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempKx3576.html
[2010-08-06 09:32:38 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempdP3532.html
[2010-08-06 09:32:38 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempjl3532.html
[2010-08-05 21:47:16 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempHK4284.html
[2010-08-05 21:47:16 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempoU4284.html
[2010-08-05 18:47:55 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempLK3468.html
[2010-08-05 18:47:55 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempDz3468.html
[2010-08-05 13:05:24 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempHp4300.html
[2010-08-05 13:05:24 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempad4300.html
[2010-08-05 00:04:20 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempDn4492.html
[2010-08-05 00:04:20 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempaL4492.html
[2010-08-04 21:34:06 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempVG3048.html
[2010-08-04 21:34:06 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempXO3048.html
[2010-08-04 10:51:19 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempcm2340.html
[2010-08-04 10:51:19 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempgm2340.html
[2010-08-03 23:51:44 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempRN2308.html
[2010-08-03 23:51:44 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempxy2308.html
[2010-08-03 21:35:10 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempRn1760.html
[2010-08-03 21:35:10 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempiq1760.html
[2010-08-03 18:32:38 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempFF4820.html
[2010-08-03 18:32:38 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempPE4820.html
[2010-08-03 10:58:12 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempSO3848.html
[2010-08-03 10:58:12 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempvz3848.html
[2010-08-02 23:06:30 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempmU3748.html
[2010-08-02 23:06:30 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TempBv3748.html
[2010-08-02 16:40:11 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\TempUB2176.html
[2010-08-02 16:40:11 | 000,002,089 | ---- | C] () -- C:\Users\oem\AppData\Local\TemprG2176.html
[2010-08-02 09:46:32 | 000,002,432 | ---- | C] () -- C:\Users\oem\AppData\Local\Tempea4092.html
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
[color=#E56717]========== LOP Check ==========[/color]
[2012-07-09 22:09:07 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\.mono
[2011-08-07 16:50:55 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\2K Sports
[2012-09-01 17:42:31 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Aeria Games & Entertainment
[2011-12-19 18:52:59 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Autodesk
[2012-07-31 21:26:17 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Awesomium
[2013-04-05 19:15:04 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\BitComet
[2012-10-26 11:40:11 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Blender Foundation
[2010-02-24 10:17:11 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\DAEMON Tools Lite
[2013-03-29 10:30:22 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Gadu-Gadu 10
[2011-07-28 16:26:05 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\GameRanger
[2012-12-16 17:36:26 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Gatling Gears
[2013-02-28 15:21:57 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Hive Cluster
[2010-10-07 15:29:41 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Leadertech
[2010-07-06 16:24:32 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\LolClient
[2012-11-12 23:01:44 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Might & Magic Heroes VI
[2010-02-21 17:35:31 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\OpenFM
[2012-11-30 22:48:45 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Origin
[2012-01-20 01:18:13 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\pdfforge
[2013-01-21 00:34:36 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Quest3D
[2012-09-11 15:13:03 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\SendSpace
[2013-02-20 20:22:28 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Synthesia
[2010-05-19 22:21:36 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\The Creative Assembly
[2011-12-12 20:11:17 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Trine2
[2012-08-25 09:26:07 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Ubisoft
[2010-03-06 22:13:42 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\WinAVI
[2012-07-27 12:47:24 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\YourFileDownloader
[2013-03-13 23:41:29 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\{4530AD6C-8F37-48FC-A98E-05BC4DC37899}
[2013-03-13 23:41:06 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\{51C471C6-A70A-495C-B2A6-718887CE5203}
[2013-03-17 21:25:02 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\{D3735205-6509-4D20-AFC7-B1FCB0FD2C21}
[2013-03-17 21:25:14 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\{F26A87B3-562E-4A3F-8F78-2C31557FA0F2}
[color=#E56717]========== Purity Check ==========[/color]
< End of report >
OTL Extras logfile created on: 2013-04-21 16:13:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\oem\Desktop\matma\programosy\otl
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
4,00 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 36,60% Memory free
8,00 Gb Paging File | 5,19 Gb Available in Paging File | 64,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 188,50 Gb Free Space | 20,24% Space Free | Partition Type: NTFS
Computer Name: OEM-KOMPUTER | User Name: oem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-3340635731-3230715513-3752858382-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\Microsoft Office\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\Microsoft Office\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AA49064-14E2-4A33-BDEB-86A83AFA0F2E}" = lport=58862 | protocol=6 | dir=in | name=pando media booster |
"{12B97F5A-82D6-4FC9-8C4D-90CAE6167E27}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{14D33D06-E370-4DCA-B0D4-096D49EE9736}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{2A79502C-FB12-4B7E-BFF4-B65D0E9C1F3A}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{2CF3B44C-9B8B-4830-A16D-CCCA0FE28734}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher |
"{2D2701E4-782C-4A5B-BB7C-EE8925127FBB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{391C3A58-0D4A-4EF2-8BE2-FF5DD56B9000}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{479B8920-06E6-4B15-A872-939DEF836471}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{51C4D13E-652D-4810-A2DA-47203AD863CB}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher |
"{6B3CEB49-462F-49A5-86BB-B6545261FB5F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{74861853-4835-41D5-95A1-C16DC5E20A0E}" = lport=1600 | protocol=6 | dir=in | name=port1600 |
"{844030A9-589E-4451-860F-F66F3578B69A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{86B49654-E760-43D5-A177-52465C6DC5E0}" = lport=137 | protocol=17 | dir=in | app=system |
"{87255317-91B1-4669-B8BD-20901F9D4830}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9270AFC2-84C6-4AE2-8035-5CE248B4B7AE}" = lport=138 | protocol=17 | dir=in | app=system |
"{9636ACC0-6A96-4BBD-9F20-88A35A98D77B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9D34607B-E676-481F-8322-3B5FDFB26050}" = rport=445 | protocol=6 | dir=out | app=system |
"{A4A247FD-CBE9-4053-B1B1-DECD0EE742E3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B3924B06-61A3-4486-8535-F910674854FA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BD58936A-A2DD-4BF0-B293-844BAEFD4049}" = lport=139 | protocol=6 | dir=in | app=system |
"{BEB336CE-D837-4F0A-A66B-6AC241B02EC6}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{C363486C-E3D7-4C90-8941-2EF726BF2526}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C931B24A-3621-4CC6-8B53-8745112C6E14}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{CCC20B18-AF93-462B-961D-4A9FCB621312}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D9F1D0F7-25DF-4CEF-9772-2B32438B2EC3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DB8C846C-DEB7-4FB8-865C-7A128F279361}" = rport=137 | protocol=17 | dir=out | app=system |
"{DC171869-60DF-4F30-AB54-C0C0E142DE7F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E638FB6D-4582-4538-940D-AE9FC94A6B3C}" = lport=58862 | protocol=17 | dir=in | name=pando media booster |
"{E92F7A58-C22A-472B-9DA1-184DD248A312}" = rport=138 | protocol=17 | dir=out | app=system |
"{EF7C9767-E8D4-48C3-B992-7F04BC5319AC}" = rport=139 | protocol=6 | dir=out | app=system |
"{F31E84AF-A649-49C8-A1EB-BD2061925D89}" = lport=445 | protocol=6 | dir=in | app=system |
"{F612889F-8D46-40FB-9261-4BF83D6A3824}" = rport=1600 | protocol=6 | dir=out | name=port1600 dwa |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0012A389-5726-4908-BDDE-8933C39CD8A5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{012BB248-2D4E-40E2-8CFD-6228D16D7DB2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{06595E5C-302E-4340-82B1-D3FDA500CE77}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\aoeonline.exe |
"{069D19D0-2121-4903-8FCD-1D63F82DD988}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{0BD9CA9F-0933-4AC8-8D05-1A12597EA533}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{0CA8AA20-EEE3-4F70-9EC5-0AA1A34041A5}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\blood bowl legendary edition\autorun\exe\autorun.exe |
"{0CF3E97B-2C0F-49F3-8429-CC3F9CCFC527}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{1391F4D2-07BC-45A4-BBD5-9F12CA384C91}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{14E9F92A-6888-499C-A262-9DFE7A7711F5}" = protocol=6 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
"{17187179-AEBD-4993-96A3-C573832CFEFF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{17544F51-A4F5-4FBC-979F-E1A5AF0DEB90}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{17F51D63-2D65-4FFD-BC75-218E6870312C}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\transformers - war for cybertron\binaries\twfc.exe |
"{187FFEB1-B015-44C5-9B1F-3327DE0EA581}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{1B3B6004-3AE5-4B70-9F24-573047F0F897}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
"{1B645AA8-0F12-4804-AC2E-0256EB283237}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{1CA69940-54AC-417A-AAF8-3856E15189A0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\aoeonline.exe |
"{1F621493-79F1-4639-9C27-921DD2322FA3}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx9.exe |
"{1FDDEC62-821C-44A0-A5CB-224BD0855F9B}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main.exe |
"{2105E17D-744E-4854-9CE3-A41B8A5168DE}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{21520042-D621-402A-960A-D0615F31A901}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{22CC863E-768B-469A-A4DA-4EE3CC05D781}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{250A8241-A8E9-4351-918C-2978BFD1E92F}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main.exe |
"{274CA3C5-453E-4420-B25E-8FBCC868909C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe |
"{27BDC02D-562F-4995-BC98-95320217C078}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\blood bowl legendary edition\bb_le.exe |
"{29C3ACF3-1772-468D-A0D1-BE5A40D6EAB3}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe |
"{2AB33E88-BD28-46E2-9602-CE2B40CF9E83}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{2B7D2CE6-FF55-4555-9EF6-BFC6B048D5B4}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{2C3FDA4B-F178-4A47-A79A-F0CA6DF756C5}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe |
"{2CF08B7D-4BB0-4CFC-A28A-AEE13D13651C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\shaun white skateboarding\shaun white skateboarding.exe |
"{2E00714F-32FD-4666-BC40-127EA6F2D077}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{2E56B9AC-B33A-4073-B1E7-277A623485FE}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2FC3BFCE-5611-4963-AF32-AA184878BE74}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{307AE2B2-28C9-4D11-A54C-79CBA65EC0A1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{32956B6F-2E53-4A4B-B131-7F2284CE1EBA}" = protocol=17 | dir=in | app=c:\mati\world of warcraft\launcher.patch.exe |
"{3295783C-0FD7-4280-A9A7-3688CDB36A43}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{343D41BD-2219-4B06-8710-C5685E0EB31B}" = dir=in | app=c:\gpotato.com\allods online\bin\launcher.exe |
"{3446A401-7CF8-4697-9EEE-AE01E55B7270}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{349AA3F4-4648-426B-B038-9B82A5028E51}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2server.exe |
"{357FB97E-5DDD-4966-86BB-44ABEE07F614}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{368C9646-42D1-4999-B389-4394CC35EF1B}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\blood bowl\bb.exe |
"{3773D431-109B-4D9B-97CF-8C69C8EADE69}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\shaun white skateboarding\gamesettings.exe |
"{38B35DCC-7EE5-498A-A646-F0EECB4A7440}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe |
"{3A8D39BB-740A-4333-BA17-C630428171E0}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\blood bowl legendary edition\bb_le.exe |
"{3C2D2191-FF16-4B42-9267-CECC4063CEF2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3C464628-364B-4C6B-A6C7-D35A50194B0D}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{3C7DEE50-CF62-42AC-99B7-54F85FCCAFCB}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{3CE42C41-3AAA-44A9-83DC-7D9C4C56BF9B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{3D875CD5-8508-4849-B403-439742D098BB}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\james cameron's avatar - the game\bin\avatarlauncher.exe |
"{3DD873CC-AD7D-4423-BDD0-C00F9E25A065}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{4076A639-1F91-4AF2-A9CD-31C3AFDBDF94}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{41A5335A-F77D-446E-9C5F-D849D89564CF}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe |
"{49386733-99FB-4AF9-9CDE-D759A082DA71}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{49BCAD10-6260-4E9A-B2CC-EB89552DE07D}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{49FE1F8F-359C-45C5-9C76-B3014C4C27D4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4A2A4177-B774-40AF-8316-719DEF396960}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{4B73E394-29C8-4686-A738-8FCE6D78E5AC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\shaun white skateboarding\gu.exe |
"{4C083461-9237-4B8B-9A0E-28A9420AFE0E}" = protocol=6 | dir=in | app=c:\mati\world of warcraft\launcher.patch.exe |
"{4C6F5272-4FC1-4427-9F68-8446D7A7C4FD}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\blood bowl\autorun\exe\autorun.exe |
"{505AB606-BDC6-46C9-9E34-1A5FC466AF5B}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\borderlands 2\binaries\win32\launcher.exe |
"{50F1653E-581F-4094-827F-CFABE045D62F}" = protocol=6 | dir=in | app=c:\mati\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{51AACC2A-E377-4AFC-BDFE-7FFE82B9C023}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{520F0D97-49ED-42F4-BB59-93AF81B11872}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{52D9DDB7-EA85-4085-9342-009C6BC092F2}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\shaun white skateboarding\uplaybrowser.exe |
"{565F5BCD-37B5-410B-958D-357D8E5069FA}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{57185E27-FC21-482B-BAF3-841DB24E4375}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\playmaxpayne3.exe |
"{58AF9ABB-C368-4261-AD93-EBE42352DD77}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\playmaxpayne3.exe |
"{599A2BE4-81DA-4C95-BB11-184916CA8C61}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{5A8A2DDC-A37B-4EA7-8795-53B2916EAEFF}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
"{5BA33869-6A5D-45D0-83F0-8C58E4F8486A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{5BF3F763-403D-4D08-BC6D-0795D51B4068}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{5D509C46-B005-4F82-AEED-B7BB8ACC6C91}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{5E30341C-1A17-42AA-9F06-DC4134D4AE01}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |
"{5E7A38B8-3021-4C65-95DA-AE3815A00248}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{5F655038-BD96-4D1F-8B9D-4DE3CCCAF71E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{60A0F437-D9A6-46C3-B04E-DA3B9BD0468E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{630EC53E-A108-4428-8C16-2A2D96F18C78}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{632CDF95-686C-44E6-B328-4ABD5677ACBA}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{643639B8-8466-48FE-975C-A5B1FCDBF773}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\shaun white skateboarding\gu.exe |
"{65C3BCA5-EF6C-4EFD-9733-48ECD61F646D}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{65E1E21F-190B-4CD7-A250-2306330C1858}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\james cameron's avatar - the game\bin\avatar.exe |
"{664443CF-6F53-4735-837A-C079024ED3EA}" = protocol=17 | dir=in | app=c:\program files (x86)\2k sports\nba 2k11\nba2k11.exe |
"{670CA8B9-150F-464E-914E-273EF37755E5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{678BD8BD-D8F8-4EC4-AF9D-D2836447E1F4}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{6811CF13-6DED-49C8-874E-3E267EA3EB9B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6982829D-C2AF-4610-89A3-3D0D94C7F9E7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\james cameron's avatar - the game\bin\avatar.exe |
"{6BCD2291-FC0C-44A0-B003-0349CAF42633}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{6D269966-F1AE-45BD-8CC3-60D4D281012B}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\blood bowl legendary edition\autorun\exe\autorun.exe |
"{6D3F5B78-CAB6-4445-A103-9FFAB68A42A0}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\spider-man(tm) - shattered dimensions\game.exe |
"{6D66DC80-C4D7-4596-88F7-7808E559407D}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{6DD74BA3-08BB-4A22-A5C9-017E4C28D82C}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwupdate.exe |
"{70F88051-9B44-4341-8A76-1835665F64D3}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\dead rising 2\deadrising2.exe |
"{72668842-5267-4112-A17A-A127C541C42B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{74779894-5A81-4D26-9816-CEABA5CCDDA3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{75A49009-ECC6-47FA-9DA7-FC83A4FC6B6E}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx10.exe |
"{75AFDCCD-68D0-46A7-95B8-AF95D7DFFD6B}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{783F57AB-80DF-449E-9444-1CD19FEA0CC0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{78C6DD9A-28CF-4476-AD17-C0184C373AF2}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwupdate.exe |
"{79BFE39E-E47A-48FC-8720-38B78052FEE0}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2server.exe |
"{7A822F54-AAB3-4554-A26C-3581E4E3A25E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7CC8B2B3-582D-430A-81B8-A191CBAB7F5A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |
"{7E055278-61D0-4956-9EF3-858994306C64}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{7F6C42E8-B5AB-4F51-982D-E0F780C987DD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{7F878E73-22BB-42E0-A661-86DCC49CB21A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pblauncher.exe |
"{7FA9D533-8A6C-442C-9AC5-78EDE3F13287}" = protocol=17 | dir=in | app=c:\mati\world of warcraft\wow-3.2.0-engb-downloader.exe |
"{83D6D2AD-AEA5-4F56-A4E6-7737DC60BAA0}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\blood bowl\bb.exe |
"{84A8D175-CA6C-4FA7-A79B-5809D55EFBAF}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars the force unleashed 2\swtfu2.exe |
"{86002CFA-E794-4BDB-8628-DE78E141EDB7}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{886FD682-C043-43F0-9219-E443395BA94A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8D19EA18-0875-4D76-B68E-19B850415A1B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{8D8B60E3-0D2A-41A2-BC3A-CBC01B62CEC7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{8DFEB7A3-FE55-48A8-BBC2-AB95ED2EA6F5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{8E17D067-3A06-4E5B-8E58-20CE4817A991}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars the force unleashed 2\swtfu2.exe |
"{8E84064D-CD73-4C7B-A20D-B505FF3A83AD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9037F25B-0272-43DA-BF5C-2EAAB23F618A}" = protocol=17 | dir=in | app=c:\program files (x86)\ea\bulletstorm\binaries\win32\shippingpc-stormgame.exe |
"{907C5F25-C237-402D-8B6C-43434BCC5CAF}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{9192C3D6-9A85-4F7A-9B6C-E61AD5B5B77D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\shaun white skateboarding\shaun white skateboarding.exe |
"{94038A66-C4EE-4BA3-B219-95CFC66EAB95}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9530242C-1835-4DC4-A870-86DF31B04D71}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\transformers - war for cybertron\binaries\twfc.exe |
"{95A0BDA4-140F-4A20-8E7E-74D308A358E1}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx9.exe |
"{95DECDBE-DB9C-48E3-BB80-A0E93564BABE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{98AC1205-2F20-4F3B-8889-BF7FEFF051CF}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{98B5C0AF-BC0E-45F7-937A-59E9A0F9F008}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{995217CA-B099-4603-994B-2BAABD56358B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{9B1E0553-2ED8-4A49-9F56-2393BD05070D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\shaun white skateboarding\uplaybrowser.exe |
"{A1B18275-7DEF-42AA-9A20-97AA50D4C064}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A1DFF7C0-6952-4D9F-858D-E349E213306A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe |
"{A2B07A61-B862-4840-B91E-0586BD5A0570}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pblauncher.exe |
"{A3D011B2-3B79-4AEE-B843-2182D694779A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{A419595E-2C58-4E52-A1F0-8CC868BD686E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{A4E3877A-AF40-4D10-B491-240183B35A6E}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{A8A8F906-EE8A-4EAC-872F-4839F2300BE7}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe |
"{A8C68416-8DAC-464A-983F-237493E4B8BC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\shaun white skateboarding\gamesettings.exe |
"{A914BD5A-2A7B-4678-9491-2EAA3C1AF815}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{A9AB9266-41D8-4B06-9349-D60B4A6ACEBC}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\dead rising 2\deadrising2.exe |
"{A9AE14B7-44F1-44E6-9EE2-10AE193F7874}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ACE1BF8A-9EDE-4D42-A364-5F943EB6970F}" = protocol=17 | dir=in | app=c:\mati\bitcomet\bitcomet.exe |
"{ADDBA19D-6CF3-4617-854E-1666A749435C}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx10.exe |
"{AF5594D8-00C0-43C6-848E-BB1055B72DE0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
"{AFB94D0D-A197-4173-9056-B849135D1F82}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{B2025702-AE0B-4990-95D3-781E69C91CF9}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\patcher_update.exe |
"{B456F354-43CB-4E7E-BDFF-C93989D6529C}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{B4D1ADA7-C33C-432B-A9F0-03097365D2D8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{B5CC247C-D3DC-43D9-A6EA-8FEBDFFA795F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{BA0D229E-82E4-46EF-93F6-63941C9E2F99}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\mirror's edge\binaries\mirrorsedge.exe |
"{BA512D16-EEBB-4609-9CD1-969BF3D3D4A9}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{BBE7AD4B-773D-4CDA-99C3-787D7D820735}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{BD9DB7DA-BEA1-4601-AD33-CB5BEFD1BEB1}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{BF30E5C2-2804-4929-844F-09710F5452A0}" = protocol=17 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
"{C0B5ADB4-70A9-40F6-9503-DB97622F269E}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\spider-man(tm) - shattered dimensions\game.exe |
"{C18881C3-86DF-4025-B05C-35F2FBF04ECB}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe |
"{C246D80F-AF2E-4BBF-B6E4-3A8C65A55C37}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{C25468E4-2220-4D23-9245-A48CBCCABEB9}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{C5B94D1B-8847-4E85-A777-7DE3A97535C5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C68C32C1-3A42-4920-9924-9E15D6B96C99}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"{C882EA2D-1E4B-4E9A-9284-AFA0A10E1FED}" = protocol=17 | dir=in | app=c:\mati\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{C90FC901-C650-4FE3-BE02-C821936311B9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CA0C4293-39DA-4EE3-A975-9E3FFE20382A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CAD82C39-177D-4C6E-B757-CB0CC38ED040}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{CAEC62BC-4C06-46FA-BC3C-4B9B3807F373}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pbclient.exe |
"{CBF89EF6-7693-4485-A085-BABDA0BE66BE}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\blur(tm)\blur.exe |
"{CF79AE3D-84A7-45FF-A9C6-4708D9808AF3}" = protocol=6 | dir=in | app=c:\users\oem\desktop\audioconverter_setup.exe |
"{D05397D1-903F-4DDA-80ED-23ADA74A8FB9}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{D0E0FE00-75FE-45E3-A1CE-689741D53566}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{D102710F-FAB0-4457-995B-D184501FB13E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{D184B8D2-0BAD-4837-B718-47E105A2961E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D18522F3-AA35-42BF-B134-D0A400E08F52}" = protocol=6 | dir=in | app=c:\program files (x86)\ea\bulletstorm\binaries\win32\shippingpc-stormgame.exe |
"{D214E225-6029-4FD5-ACB6-98ED06E4433D}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\blood bowl\autorun\exe\autorun.exe |
"{D252E220-2537-4CBC-A8B2-201A201BBC55}" = protocol=17 | dir=in | app=c:\users\oem\desktop\audioconverter_setup.exe |
"{D2F69223-24AA-47B7-8EFB-98DBC0B1BB64}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{D4A6485F-C821-4FEE-9F91-58ACAF38626E}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{D82CD249-DA32-44EB-9C0F-A427168645C4}" = protocol=6 | dir=out | app=system |
"{DA18D22E-A249-4278-99D2-896FE8F107DB}" = protocol=6 | dir=in | app=c:\mati\bitcomet\bitcomet.exe |
"{DB8B5CA6-B007-4F3C-B71F-E855BD8B16CF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"{DBC8A1DC-6C48-47C1-BE7C-0D6876E703FB}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\blur(tm)\blur.exe |
"{DFAAB799-AE4B-4C2B-B67D-520950E0305E}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{E44A13BD-85B4-462B-B0D0-630AA5BBD24E}" = protocol=6 | dir=in | app=c:\mati\world of warcraft\wow-3.2.0-engb-downloader.exe |
"{E534006C-C679-4127-9EDA-993F5EC7D112}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E77B7C14-5E9D-4D81-A29B-4BB4F27659A4}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\patcher_update.exe |
"{E7DEE4D9-04C2-45A0-8D55-789F8BBD1518}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{E9220205-71B5-4286-A712-543729EB9FBA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E9E042D1-F60D-4DDC-B2E1-02AB16208B33}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E9E37A3D-9655-4CD3-A844-12CEFCBEF822}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\james cameron's avatar - the game\bin\avatarlauncher.exe |
"{ECC83A26-B70F-453C-9A1D-2C922ABF2986}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{ECF6438A-CC43-46D2-A0B0-EB8ADDB107CE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{EF8E85D4-8D7A-4CC2-88CD-7DF28E85F125}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F185F655-505E-457D-A7FD-DCED56D962C3}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F1B3BD2F-5941-49E5-88A8-31E793D52101}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{F298B381-87AF-4A07-8735-6151E8775FDB}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{F37FD324-C6B2-47B0-B36B-0B61532D57AD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pbclient.exe |
"{F6A54222-465D-4306-9CB4-DF31BC1384F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
"{F6EADB2A-2C5A-442E-BBD7-D61A49D9768F}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{F77A62F0-BA4C-4DEF-98D8-2A5D4EB6E074}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\borderlands 2\binaries\win32\launcher.exe |
"{F91125F2-F5DD-4A24-B150-A9E714C76EDD}" = protocol=6 | dir=in | app=c:\program files (x86)\2k sports\nba 2k11\nba2k11.exe |
"{FC115294-21D5-4D3D-A476-66A9B90B1CE4}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\mirror's edge\binaries\mirrorsedge.exe |
"{FFCDC124-D754-45F6-90E8-EB8E2519B65D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{00B4F07C-6A08-48BE-BEF6-3EB09ABC49C8}C:\mati\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\mati\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe |
"TCP Query User{04361FDA-9692-4C92-ACB6-C26290D57C18}C:\program files (x86)\ea games\alice madness returns the complete collection\game\alice1\bin\alice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\alice madness returns the complete collection\game\alice1\bin\alice.exe |
"TCP Query User{0882AEE2-148A-4447-A441-4EE3D107CAAB}C:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"TCP Query User{0958E25B-63C8-4CCF-B3B8-5C9B9F4D5E48}C:\users\oem\desktop\matma\planetside2\planetside2.exe" = protocol=6 | dir=in | app=c:\users\oem\desktop\matma\planetside2\planetside2.exe |
"TCP Query User{1BB2AB7B-8753-41DE-A67A-FED33416C9F4}C:\program files (x86)\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gadu-gadu 10\gg.exe |
"TCP Query User{218D45B9-ACB5-433D-A74F-3D6735FC12E1}C:\users\oem\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\oem\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{21B8E037-6A6D-4365-99DF-1D661BEC99F5}C:\users\oem\desktop\matma\fifa13\fifa 13\game\fifa13.exe" = protocol=6 | dir=in | app=c:\users\oem\desktop\matma\fifa13\fifa 13\game\fifa13.exe |
"TCP Query User{22EF990A-44AA-4F06-9B99-46BC6E9F3332}C:\program files (x86)\dollar dash\binaries\win32\pkgame-win32-shipping.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dollar dash\binaries\win32\pkgame-win32-shipping.exe |
"TCP Query User{234ABD03-7424-4EA3-A9B5-97DB454FBA3C}C:\program files (x86)\activision\call of duty - black ops\blackopsmp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - black ops\blackopsmp.exe |
"TCP Query User{2781D099-5851-479D-A8B5-436B3F1B2F77}C:\users\oem\desktop\matma\gatlinggears\game\gatlinggears\gatlinggears.exe" = protocol=6 | dir=in | app=c:\users\oem\desktop\matma\gatlinggears\game\gatlinggears\gatlinggears.exe |
"TCP Query User{28695901-9052-4533-BA82-D7BFDBDCEE5F}C:\mati\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe" = protocol=6 | dir=in | app=c:\mati\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"TCP Query User{2C778D32-F780-40F7-8D04-19F323F3FEBB}C:\mati\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\mati\world of warcraft\launcher.exe |
"TCP Query User{339B875D-7B68-4912-9251-7F359434C442}C:\program files (x86)\ubisoft\heroes of might and magic v - dzikie hordy\bin\h5_game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\heroes of might and magic v - dzikie hordy\bin\h5_game.exe |
"TCP Query User{35A37912-480D-4ACC-B781-97375706C1B4}C:\program files (x86)\ea games\alice madness returns the complete collection\game\alice2\binaries\win32\alicemadnessreturns.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\alice madness returns the complete collection\game\alice2\binaries\win32\alicemadnessreturns.exe |
"TCP Query User{46F79DA5-56CD-4BCB-8C7B-C6E3B142D6E1}C:\mati\tf2\hl2.exe" = protocol=6 | dir=in | app=c:\mati\tf2\hl2.exe |
"TCP Query User{47A1E73B-E470-41B6-BEB1-6C6F8F2B962B}C:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe |
"TCP Query User{4D073B3F-3925-43D9-90FF-39E920186AAA}C:\program files (x86)\antichamber\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\antichamber\binaries\win32\udk.exe |
"TCP Query User{4DD8B389-818F-4B25-9DA5-97DC2A90B70C}C:\program files (x86)\trapped dead\bin\trappeddead.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trapped dead\bin\trappeddead.exe |
"TCP Query User{50102CA6-CE33-415B-B04B-C9140353321B}C:\program files (x86)\red 5 studios\firefall\system\bin\firefallclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\red 5 studios\firefall\system\bin\firefallclient.exe |
"TCP Query User{52B326A7-DB0F-46B6-AF2E-C7C07E07FD62}C:\mati\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\mati\world of warcraft\backgrounddownloader.exe |
"TCP Query User{5DACBD48-200A-43E9-AAE4-D632D8EDA48F}C:\program files (x86)\activision\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - black ops\blackops.exe |
"TCP Query User{6504AEDA-E3D2-4647-B1C7-8B509F86604F}C:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe |
"TCP Query User{658655F3-0643-4ED3-B796-7E320D991508}C:\mati\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\mati\bitcomet\bitcomet.exe |
"TCP Query User{6A5B26A6-60DF-4DCF-99BD-F76D0CE38117}C:\program files (x86)\2k sports\nba 2k11\nba2k11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k sports\nba 2k11\nba2k11.exe |
"TCP Query User{6EFF38D0-0BC3-42BB-B8D5-F7AAA4E26B5C}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{709DB146-838C-4089-8C5D-F72ED0498AF7}C:\users\oem\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\oem\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{70E6AE57-6C5A-4B84-AB57-CBB1291512F4}C:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe |
"TCP Query User{79CD78D9-09BB-46EA-978E-236205B263A8}C:\program files (x86)\dangesecond\resident. evil 6\bh6.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dangesecond\resident. evil 6\bh6.exe |
"TCP Query User{7C6E737A-626B-4079-9289-F67DD1D981D2}C:\program files (x86)\electronic arts\gatling gears\game\gatlinggears\gatlinggears.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\gatling gears\game\gatlinggears\gatlinggears.exe |
"TCP Query User{7C91B209-B088-46BB-A8C9-9096721F6F1A}C:\mati\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=6 | dir=in | app=c:\mati\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |
"TCP Query User{7DE7D28A-4168-40C3-8334-A2DFAF0DAA3C}C:\mati\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe" = protocol=6 | dir=in | app=c:\mati\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe |
"TCP Query User{7F286C3A-ED15-4646-9275-C43995B40544}C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe |
"TCP Query User{82BDFE88-66B4-46E7-86B3-CD3CF08559CB}C:\program files (x86)\capcom\resident evil 5\re5dx10.exe" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx10.exe |
"TCP Query User{82CB4788-F65B-4EA3-8239-36ED8B1BD95B}C:\program files (x86)\steam\steamapps\lgsp_lgsp\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\lgsp_lgsp\team fortress 2\hl2.exe |
"TCP Query User{85ED1B18-0EA1-42CB-A1F9-A2CE4FEB27DB}C:\users\oem\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\oem\appdata\local\akamai\netsession_win.exe |
"TCP Query User{8682BC63-30EF-4FFA-8BAF-49180F029CB4}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{8896AC88-0D91-46E0-B2A7-A2C1F2E0E065}C:\program files (x86)\cyanide\blood bowl\bb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\blood bowl\bb.exe |
"TCP Query User{89659564-0C99-43C3-9BA9-AD8702E2A686}C:\program files (x86)\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fifa 12\game\fifa.exe |
"TCP Query User{8B558897-E32D-4610-A066-89984E51A9F9}C:\program files (x86)\cyanide\blood bowl legendary edition\bb_le.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\blood bowl legendary edition\bb_le.exe |
"TCP Query User{8D7E312B-A122-42CD-AC15-288BFA21560F}C:\program files (x86)\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe |
"TCP Query User{952619ED-147C-4E4C-9834-5727589E2DBF}C:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe |
"TCP Query User{9B33E3ED-AE91-4A36-895F-C6EB2CC3EF9C}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe |
"TCP Query User{A36E22C0-91AE-40C7-ABDF-D8C18867052A}C:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe |
"TCP Query User{ABB6371F-5EFC-4C9B-94B3-BE88F1883D74}C:\mati\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\mati\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"TCP Query User{AE96441A-1A37-4383-9CE2-1098E75D13ED}C:\users\oem\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\oem\appdata\local\temp\gw2.exe |
"TCP Query User{B510C2E3-8AE2-4BD0-976B-225316EA3D65}C:\mati\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=6 | dir=in | app=c:\mati\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe |
"TCP Query User{BCF4805E-2683-4552-B9C5-8B245AB12FCA}C:\mati\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe" = protocol=6 | dir=in | app=c:\mati\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe |
"TCP Query User{BDAAB3C8-3F95-443D-BE33-4C0EB1C28DCE}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{C5BB47A7-0BC3-4234-988E-9EDD697818F3}C:\program files (x86)\the cursed crusade\tcc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the cursed crusade\tcc.exe |
"TCP Query User{CC3E7E43-B0B9-4567-BE55-785A77BAB2EB}C:\program files (x86)\torchlight ii\torchlight2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\torchlight ii\torchlight2.exe |
"TCP Query User{CFEA2E76-FC3A-4CB1-BE32-49B80BE545FF}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe |
"TCP Query User{D11F009D-BA36-4605-8202-EC7D6401E6CE}C:\Program Files (x86)\worms revolution\wormsrevolution.exe" = protocol=6 | dir=in | app=c:\program files (x86)\worms revolution\wormsrevolution.exe |
"TCP Query User{D2591748-FE23-4587-AE1C-D173AC2CAD99}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"TCP Query User{D5A91FC1-4494-4A68-9107-601CC8CBFEC2}C:\program files (x86)\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"TCP Query User{D68A0D32-709A-40D5-8892-96ADDBB7081D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{D7142CC5-FC46-4A3E-B03C-E829CE8A5C44}C:\program files (x86)\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fifa 12\game\fifa.exe |
"TCP Query User{D7F3D294-C1A0-40D1-A6CA-23ADED5CAD00}C:\program files (x86)\steam\steamapps\lgsp_lgsp\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\lgsp_lgsp\team fortress 2\hl2.exe |
"TCP Query User{E201F86C-048D-4D24-9197-6227CD4AE745}C:\mati\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe" = protocol=6 | dir=in | app=c:\mati\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe |
"TCP Query User{FC1DE3F2-0B52-4CB2-AD38-A8166FB6C626}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{000744B5-BFD3-4272-866B-F083E6611B2D}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{0220F4EC-3E06-4F7F-B95D-F5071AB7E4F3}C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe |
"UDP Query User{02C76536-9AA8-4CDA-813E-44D0B063C2B5}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{051A3000-B7F4-4371-8181-298F394B13EF}C:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe |
"UDP Query User{0A2A614E-6247-419A-A550-B30CC09CCB8E}C:\mati\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\mati\world of warcraft\launcher.exe |
"UDP Query User{0EE1ED24-CA01-41D8-B9D7-15F0D05F9D5D}C:\program files (x86)\ea games\alice madness returns the complete collection\game\alice2\binaries\win32\alicemadnessreturns.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\alice madness returns the complete collection\game\alice2\binaries\win32\alicemadnessreturns.exe |
"UDP Query User{1A40F6E0-8378-4FEC-AB7C-2D30727383FA}C:\program files (x86)\electronic arts\gatling gears\game\gatlinggears\gatlinggears.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\gatling gears\game\gatlinggears\gatlinggears.exe |
"UDP Query User{21C23D8A-16B3-4309-BBE0-53F69AAA9139}C:\program files (x86)\dangesecond\resident. evil 6\bh6.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dangesecond\resident. evil 6\bh6.exe |
"UDP Query User{257F876D-57E3-4B57-B3D7-2A0ABCA41F10}C:\program files (x86)\2k sports\nba 2k11\nba2k11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k sports\nba 2k11\nba2k11.exe |
"UDP Query User{298625F4-40AA-4E1D-AF2A-B6DCF154E53B}C:\program files (x86)\ubisoft\heroes of might and magic v - dzikie hordy\bin\h5_game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\heroes of might and magic v - dzikie hordy\bin\h5_game.exe |
"UDP Query User{2B68AEAC-BF27-4A94-B516-F696E4AB1394}C:\users\oem\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\oem\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{2DFAA169-81C7-4973-BDCF-78DB6661EA44}C:\mati\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe" = protocol=17 | dir=in | app=c:\mati\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe |
"UDP Query User{3458458E-A53B-4B1F-ADE8-792A750969FE}C:\mati\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe" = protocol=17 | dir=in | app=c:\mati\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"UDP Query User{36CCC407-C3ED-4499-AFF3-942C6108A4A6}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe |
"UDP Query User{42EA6120-4FD8-47AA-81CF-F1F84C635B34}C:\program files (x86)\steam\steamapps\lgsp_lgsp\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\lgsp_lgsp\team fortress 2\hl2.exe |
"UDP Query User{45C1D40A-6FF1-4225-B6F1-C88A7C6D0C95}C:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe |
"UDP Query User{45FC2373-4AAA-4B3F-9C29-F7FBB85C6FF1}C:\users\oem\desktop\matma\gatlinggears\game\gatlinggears\gatlinggears.exe" = protocol=17 | dir=in | app=c:\users\oem\desktop\matma\gatlinggears\game\gatlinggears\gatlinggears.exe |
"UDP Query User{4B64AEC5-D379-4411-85E8-B501150697AD}C:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe |
"UDP Query User{4C67ED04-7D51-4323-9FE6-8C0BFCD5316B}C:\mati\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=17 | dir=in | app=c:\mati\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe |
"UDP Query User{585DD318-1665-4689-9F5F-B7D475407E22}C:\program files (x86)\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fifa 12\game\fifa.exe |
"UDP Query User{5CD5B467-FA76-4D36-A1C9-699AF3B100A0}C:\program files (x86)\trapped dead\bin\trappeddead.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trapped dead\bin\trappeddead.exe |
"UDP Query User{5FB8F1B5-5B9D-43BA-B497-1E2F0A6413DF}C:\program files (x86)\red 5 studios\firefall\system\bin\firefallclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\red 5 studios\firefall\system\bin\firefallclient.exe |
"UDP Query User{60734DC6-FB27-41FA-A25F-5B4D8C488F2D}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{63220C96-956D-4295-AFE0-B937A61453FF}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{63EA6DE6-6478-4E7E-A3B5-E1DFCD8CE0A0}C:\users\oem\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\oem\appdata\local\akamai\netsession_win.exe |
"UDP Query User{66554BD9-CAD4-4EE4-B9CE-FAE709A04118}C:\program files (x86)\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gadu-gadu 10\gg.exe |
"UDP Query User{66AB466F-B83F-431C-AA02-CF13434DB32F}C:\mati\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\mati\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"UDP Query User{6E3F0381-8830-4358-9C29-5A7C835C769E}C:\program files (x86)\torchlight ii\torchlight2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\torchlight ii\torchlight2.exe |
"UDP Query User{745378EA-639D-47E9-A4AC-70F10ECE598E}C:\program files (x86)\steam\steamapps\lgsp_lgsp\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\lgsp_lgsp\team fortress 2\hl2.exe |
"UDP Query User{7F4DCDC4-F5B6-4F18-808F-38AB510B851E}C:\program files (x86)\activision\call of duty - black ops\blackopsmp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - black ops\blackopsmp.exe |
"UDP Query User{813E7F1B-445A-4E0E-8D10-499FE5AB6A6F}C:\users\oem\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\oem\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{886EC9EE-55EF-441B-AF1F-3C2BD10EA3DE}C:\program files (x86)\capcom\resident evil 5\re5dx10.exe" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx10.exe |
"UDP Query User{88FB94FE-BB3B-46AC-9401-E1C44DBF4B61}C:\users\oem\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\oem\appdata\local\temp\gw2.exe |
"UDP Query User{8E081113-F543-4C52-8742-7F1CE3B8074C}C:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"UDP Query User{8F1A3C5B-2B5B-4A59-8E0E-433E07A2B0CC}C:\program files (x86)\activision\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - black ops\blackops.exe |
"UDP Query User{907A9F29-70E7-44F0-ADFB-1CC09550C3F1}C:\program files (x86)\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fifa 12\game\fifa.exe |
"UDP Query User{94E9CBBD-1B35-4A5D-B5C3-D4EE70558BD9}C:\program files (x86)\ea games\alice madness returns the complete collection\game\alice1\bin\alice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\alice madness returns the complete collection\game\alice1\bin\alice.exe |
"UDP Query User{964343ED-BEE0-4D2C-9F48-53F3AE50D5FE}C:\mati\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\mati\bitcomet\bitcomet.exe |
"UDP Query User{9C2DF9A3-CB6B-4C92-9143-2E5990701F01}C:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe |
"UDP Query User{A6F6B5E8-F724-4904-A74C-67E97C8CD1D1}C:\program files (x86)\dollar dash\binaries\win32\pkgame-win32-shipping.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dollar dash\binaries\win32\pkgame-win32-shipping.exe |
"UDP Query User{AB5815D2-FB9C-4FD2-A759-411D788480B5}C:\program files (x86)\the cursed crusade\tcc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the cursed crusade\tcc.exe |
"UDP Query User{B0031C69-83AD-42F8-9A64-685B7711A861}C:\mati\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\mati\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe |
"UDP Query User{B10D7A4B-979F-4DC1-9EC0-D5DE1E08E100}C:\program files (x86)\cyanide\blood bowl\bb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\blood bowl\bb.exe |
"UDP Query User{B327EB7B-8055-4BC2-B22A-477A52CE311E}C:\users\oem\desktop\matma\planetside2\planetside2.exe" = protocol=17 | dir=in | app=c:\users\oem\desktop\matma\planetside2\planetside2.exe |
"UDP Query User{B6C68430-720A-4813-9F93-A63D895375CB}C:\mati\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe" = protocol=17 | dir=in | app=c:\mati\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe |
"UDP Query User{B9166F50-21E2-4A2E-B23A-AEBA51413B84}C:\users\oem\desktop\matma\fifa13\fifa 13\game\fifa13.exe" = protocol=17 | dir=in | app=c:\users\oem\desktop\matma\fifa13\fifa 13\game\fifa13.exe |
"UDP Query User{B98525A1-1D77-4212-959E-D56E8449F7AF}C:\program files (x86)\cyanide\blood bowl legendary edition\bb_le.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\blood bowl legendary edition\bb_le.exe |
"UDP Query User{BF9E22EF-374E-4BD8-96AF-9A2CE359226B}C:\Program Files (x86)\worms revolution\wormsrevolution.exe" = protocol=17 | dir=in | app=c:\program files (x86)\worms revolution\wormsrevolution.exe |
"UDP Query User{C641B52A-8451-4A51-B0A0-6B020CDF4DDD}C:\mati\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe" = protocol=17 | dir=in | app=c:\mati\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe |
"UDP Query User{CB540D1C-5152-46E7-AF2F-F6CF817E9D60}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"UDP Query User{CB54FB71-9161-406E-AF91-3EF5C5E79E13}C:\program files (x86)\antichamber\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\antichamber\binaries\win32\udk.exe |
"UDP Query User{CD988684-8EF4-41F9-9AF4-AA393D938266}C:\mati\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=17 | dir=in | app=c:\mati\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |
"UDP Query User{CFE4C72B-D965-4B8E-9A0C-2BE5B1E3FB96}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe |
"UDP Query User{D32CABA1-A907-4938-91A6-40940483F695}C:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe |
"UDP Query User{D9AEBF11-9F44-4C82-B2C0-C351D2F4E71A}C:\program files (x86)\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe |
"UDP Query User{E76EC6BF-B95D-45F1-9118-96A0350D3804}C:\program files (x86)\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"UDP Query User{F63D6A23-8516-4FB9-B46F-D5E55DA91079}C:\mati\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\mati\world of warcraft\backgrounddownloader.exe |
"UDP Query User{F9719928-11FA-464E-820E-C4796DC65AF5}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{FAC09088-1ABC-4D78-88C5-6C3E35A7FB75}C:\mati\tf2\hl2.exe" = protocol=17 | dir=in | app=c:\mati\tf2\hl2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{1F6306D6-FB66-10D2-D474-5ADE4D57EE6B}" = AMD Fuel
"{1F85668C-CEB7-7A2E-356C-C42F950A982C}" = AMD Accelerated Video Transcoding
"{4161341F-AE84-E404-4291-4E0322CCE809}" = AMD Media Foundation Decoders
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5783F2D7-8001-0415-0102-0060B0CE6BBA}" = AutoCAD 2010 - Polski
"{5783F2D7-8001-0415-1102-0060B0CE6BBA}" = Pakiet językowy programu AutoCAD 2010 - polski
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007
"{90AB246D-A0A0-29EA-199A-4B07841E0737}" = ATI AVIVO64 Codecs
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A9C6CA47-D937-D61D-4BD3-7CFAB7A5BA56}" = ATI Problem Report Wizard
"{AB58402A-43DE-551C-2B40-DD1CF0E21240}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CFA5BA6D-D6BB-AE1B-E61E-5B1ACFC8F0BB}" = AMD Drag and Drop Transcoding
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E85D1C80-28C4-76B8-5A5A-2C8D8B38D5D9}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AutoCAD 2010 - Polski" = AutoCAD 2010 - Polski
"Blender" = Blender
"Lumion 2.5_is1" = Lumion 2.5
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"UDK-8807ced3-104d-4cd8-830e-3826c60537f6" = My Game Long Name
"WinRAR archiver" = Archiwizator WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0904.1
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0B03071A-C96E-34CA-E5A3-4D8DA8ACCB3D}" = CCC Help Polish
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1472627A-6E9F-DCB1-8894-E2BD249FD5E4}" = CCC Help Thai
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A2C316B-F842-6FB3-3C87-6FE02861F396}" = AMD VISION Engine Control Center
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{218BE476-B206-2879-B912-971E6E89E44D}" = CCC Help Finnish
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2DFFE333-1B60-4CAA-F836-3CF0C99777CA}" = CCC Help Norwegian
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{364374D2-FE10-2170-2397-5B01F9D00093}" = CCC Help Spanish
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C2C70B1-4441-4A76-B5E2-C339C24C63F3}" = Adobe Illustrator CS3
"{3CADB105-2F9B-4F2C-ACC1-27D0BF0ECD14}" = Adobe Setup
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40786C7F-7078-5147-444E-D45DE808B684}" = CCC Help Portuguese
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43D3EA3E-2B72-57F3-40E0-318A614D0FDD}" = CCC Help Czech
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}" = Google SketchUp 8
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D954325-8513-471D-ABD4-24ED054F939A}" = Trine
"{4F7823C4-BB28-A63E-CE08-1B463D4682DE}" = CCC Help Dutch
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57496D70-3C5A-4197-9908-128101444B73}" = USB Vibration Joystick
"{5782EF38-8F32-4B9C-9A86-12877A93D8FE}" = Gatling Gears
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0 SP1
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{673A3B21-469A-4ABA-B2C5-E25048E95A35}" = Adobe Photoshop CS3
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}" = Adobe Asset Services CS3
"{6D7B8E2C-4356-619D-134F-FB36B0809958}" = CCC Help German
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{6F173E00-2766-E174-C2E0-AD88F24685BD}" = CCC Help Swedish
"{6FAEC41D-0654-12C1-0068-770D19FC2446}" = CCC Help Italian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73D239CC-D6B1-ADEC-A7BE-E100C7112004}" = CCC Help Korean
"{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{81DD0597-29EB-4FA0-8223-4F41362B2E72}" = NBA 2K11
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8B827872-0BCB-4D58-9052-39B7D199435E}_is1" = Warhammer 40K Space Marine wersja 1.5
"{8C9DDCAA-91E1-4DAA-BC65-68BD80546B98}}_is1" = PIT-OPP 2011
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D3D92F0-852F-D832-FD8B-029C8C231C13}" = CCC Help Russian
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_HOMESTUDENTR_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0415-1000-0000000FF1CE}_HOMESTUDENTR_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_HOMESTUDENTR_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{93A3AB24-36E8-41BA-80C6-CCEC237836DC}" = Alice Madness Returns
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{963FFEAB-16E5-EB69-4E64-338B3D319FB4}" = CCC Help Chinese Standard
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F7E9D7B-3291-96CE-A27F-DD4F6EB230EA}" = CCC Help Chinese Traditional
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A6FDE264-C48D-36CE-CFA7-ABBEB861AC10}" = Catalyst Control Center Localization All
"{A8B0DBDE-8119-48B0-8088-D12DA01C36BA}" = DownloadnSave
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1045-7B44-A95000000001}" = Adobe Reader 9.5.3 - Polish
"{ACC75323-DB4A-4F7F-9AF2-1D1DEFF2D0B4}" = Heroes of Might & Magic V: Kuźnia Przeznaczenia
"{ACC75323-DB4A-4F7F-9AF3-1D1DEFF2D1B5}" = Heroes of Might and Magic V - Tribes of the East
"{ACC75323-DB4A-4f7f-9AF3-1D1DEFF2D1B5}_is1" = Heroes of Might and Magic V - Dzikie Hordy
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{B1371574-4B13-4D3E-8F47-48C698732B00}" = Sonic & SEGA All-Stars Racing
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B31A9284-632D-683E-3BD0-F6926D445A7B}" = CCC Help Danish
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7A75523-3D7F-CF23-12F7-999EAF6C7167}" = CCC Help Japanese
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C821D689-95BE-0D60-255E-D9B89CB3019F}" = Catalyst Control Center Graphics Previews Common
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE1458AA-23A7-332D-68D9-86B799898DA6}" = CCC Help Greek
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC836636-C4DE-FDDD-5DEE-0BCAD6FD6FAD}" = HydraVision
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0655E94-1D4D-8484-64C6-E6F847B7BE92}" = CCC Help Turkish
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E555950B-1496-C37C-CA2C-2DF8745A5BE9}" = CCC Help English
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EE229D0E-3D9E-636C-6E75-9436A87C7E49}" = CCC Help French
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{EF036F44-A287-BC23-3F6E-AAE6FDEF47EF}" = Catalyst Control Center InstallProxy
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F536CCF1-C4C1-5FB9-6B17-F883DFFAE569}" = CCC Help Hungarian
"{F68563C0-2CCD-4799-A014-017A370D627B}" = Edycja kolekcjonerska Heroes of Might and Magic V
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB6E7BFE-4578-499F-90CD-F7B2525E838C}" = Adobe Setup
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"«Mark of the Ninja»_is1" = «Mark of the Ninja»
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_84a49277ac196a9b545ee07ff87f709" = Adobe Photoshop CS3
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"Adobe_cd40c268fefdd8bfc54faa37df2ce97" = Adobe Illustrator CS3
"Akamai" = Akamai NetSession Interface
"Allok RM RMVB to AVI MPEG DVD Converter_is1" = Allok RM RMVB to AVI MPEG DVD Converter 1.4.4
"Army Builder V2.2c" = Army Builder V2.2c
"avast" = avast! Free Antivirus
"Baron Samedi's Submods Compilation V5.0" = Baron Samedi's Submods Compilation V5.0
"Battlelog Web Plugins" = Battlelog Web Plugins
"BioShock Infinite_is1" = BioShock Infinite version 1.0.0.0
"BitComet" = BitComet 1.19
"BitComet_x64" = BitComet 1.32 64-bit
"BloodBowlLegendary_is1" = Blood Bowl Legendary Edition version 2.0.0.6
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Dead Space 3.Limited Edition + 1 DLC_is1" = Dead Space 3.Limited Edition + 1 DLC
"Diablo III" = Diablo III
"DmC Devil May Cry_is1" = DmC Devil May Cry
"Dollar Dash_is1" = Dollar Dash
"Dungeon Siege III_is1" = Dungeon Siege III
"Dzielenie i łączenie plików_is1" = Dzielenie i łączenie plików v1.2.2
"ESN Sonar-0.70.4" = ESN Sonar
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Gadu-Gadu 10" = Gadu-Gadu 10
"Google Chrome" = Google Chrome
"Guild Wars 2" = Guild Wars 2
"Hitman Absolution_is1" = Hitman Absolution
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Kingdoms of Amalur Reckoning_is1" = Kingdoms of Amalur Reckoning
"Magicka_is1" = Magicka
"Mozilla Firefox 20.0.1 (x86 pl)" = Mozilla Firefox 20.0.1 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mysteries of Westgate" = Neverwinter Nights 2 Adventure Pack: Mysteries of Westgate
"NCLauncher_GameForge" = NC Launcher (GameForge)
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"OpenAL" = OpenAL
"Origin" = Origin
"PITy 2010_is1" = PITy 2010 dla Windows kompilacja:1.2.5.10
"Pity Format 2010_is1" = Pity Format 2010
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 2.0.0
"Resident. Evil 6_is1" = Resident. Evil 6
"Rockstar Games Social Club" = Rockstar Games Social Club
"Sleeping Dogs_is1" = Sleeping Dogs
"SpeedFan" = SpeedFan (remove only)
"Steam App 105430" = Age of Empires Online
"Steam App 8930" = Sid Meier's Civilization V
"Synthesia" = Synthesia (remove only)
"Tombraider_is1" = Tombraider
"Torchlight II (c) Runic Games_is1" = Torchlight II (c) Runic Games version 1
"Trine 2_is1" = Trine 2
"Warcraft III" = Warcraft III
"Warkeys" = Warkeys 1.18.1.0b
"Worms Revolution_is1" = Worms Revolution
"Xvid_is1" = Xvid 1.2.2 final uninstall
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
[HKEY_USERS\S-1-5-21-3340635731-3230715513-3752858382-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"GameRanger" = GameRanger
"Warcraft III" = Warcraft III: All Products
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2013-04-19 07:51:50 | Computer Name = oem-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: kdbsync.exe, wersja: 0.0.0.0, sygnatura
czasowa: 0x4f67a718 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura
czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000000 Identyfikator
procesu powodującego błąd: 0xfdc Godzina uruchomienia aplikacji powodującej błąd:
0x01ce3cf444037d9a Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\AMD
AVT\bin\kdbsync.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu:
8506967c-a8e7-11e2-9f47-002191f4251d
Error - 2013-04-19 07:53:33 | Computer Name = oem-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Fuel.Service.exe, wersja: 1.0.0.0,
sygnatura czasowa: 0x50a6a1b0 Nazwa modułu powodującego błąd: Device.dll, wersja:
4.1.0.0, sygnatura czasowa: 0x4f55e10b Kod wyjątku: 0xc0000005 Przesunięcie błędu:
0x00000000000033c1 Identyfikator procesu powodującego błąd: 0x870 Godzina uruchomienia
aplikacji powodującej błąd: 0x01ce3cf4336d92a1 Ścieżka aplikacji powodującej błąd:
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Ścieżka modułu powodującego
błąd: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Identyfikator raportu:
c2598545-a8e7-11e2-9f47-002191f4251d
Error - 2013-04-19 09:23:51 | Computer Name = oem-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: kdbsync.exe, wersja: 0.0.0.0, sygnatura
czasowa: 0x4f67a718 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura
czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000000 Identyfikator
procesu powodującego błąd: 0xdd4 Godzina uruchomienia aplikacji powodującej błąd:
0x01ce3d010b643b37 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\AMD
AVT\bin\kdbsync.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu:
5f725646-a8f4-11e2-998d-002191f4251d
Error - 2013-04-19 13:14:43 | Computer Name = oem-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: kdbsync.exe, wersja: 0.0.0.0, sygnatura
czasowa: 0x4f67a718 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura
czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000000 Identyfikator
procesu powodującego błąd: 0x9bc Godzina uruchomienia aplikacji powodującej błąd:
0x01ce3d214edb0c51 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\AMD
AVT\bin\kdbsync.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu:
a013df1f-a914-11e2-9047-002191f4251d
Error - 2013-04-19 22:33:28 | Computer Name = oem-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Fuel.Service.exe, wersja: 1.0.0.0,
sygnatura czasowa: 0x50a6a1b0 Nazwa modułu powodującego błąd: Device.dll, wersja:
4.1.0.0, sygnatura czasowa: 0x4f55e10b Kod wyjątku: 0xc0000005 Przesunięcie błędu:
0x00000000000033c1 Identyfikator procesu powodującego błąd: 0x790 Godzina uruchomienia
aplikacji powodującej błąd: 0x01ce3d214abeec19 Ścieżka aplikacji powodującej błąd:
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Ścieżka modułu powodującego
błąd: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Identyfikator raportu:
aebd9a4b-a962-11e2-9047-002191f4251d
Error - 2013-04-20 03:23:49 | Computer Name = oem-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: kdbsync.exe, wersja: 0.0.0.0, sygnatura
czasowa: 0x4f67a718 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura
czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000000 Identyfikator
procesu powodującego błąd: 0xfc8 Godzina uruchomienia aplikacji powodującej błąd:
0x01ce3d97fae93ed4 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\AMD
AVT\bin\kdbsync.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu:
3e0b1174-a98b-11e2-bdf4-002191f4251d
Error - 2013-04-20 05:43:29 | Computer Name = oem-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: kdbsync.exe, wersja: 0.0.0.0, sygnatura
czasowa: 0x4f67a718 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura
czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000000 Identyfikator
procesu powodującego błąd: 0xe64 Godzina uruchomienia aplikacji powodującej błąd:
0x01ce3dab7e1ad622 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\AMD
AVT\bin\kdbsync.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu:
c16cf01a-a99e-11e2-9a34-002191f4251d
Error - 2013-04-21 02:37:52 | Computer Name = oem-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: kdbsync.exe, wersja: 0.0.0.0, sygnatura
czasowa: 0x4f67a718 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura
czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000000 Identyfikator
procesu powodującego błąd: 0xe38 Godzina uruchomienia aplikacji powodującej błąd:
0x01ce3e5ab5a6fae0 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\AMD
AVT\bin\kdbsync.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu:
fd425f94-aa4d-11e2-9cf3-002191f4251d
Error - 2013-04-21 05:20:19 | Computer Name = oem-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Fuel.Service.exe, wersja: 1.0.0.0,
sygnatura czasowa: 0x50a6a1b0 Nazwa modułu powodującego błąd: Device.dll, wersja:
4.1.0.0, sygnatura czasowa: 0x4f55e10b Kod wyjątku: 0xc0000005 Przesunięcie błędu:
0x00000000000033c1 Identyfikator procesu powodującego błąd: 0x454 Godzina uruchomienia
aplikacji powodującej błąd: 0x01ce3e5aa07e8713 Ścieżka aplikacji powodującej błąd:
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Ścieżka modułu powodującego
błąd: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Identyfikator raportu:
aee0547e-aa64-11e2-9cf3-002191f4251d
Error - 2013-04-21 05:56:29 | Computer Name = oem-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: kdbsync.exe, wersja: 0.0.0.0, sygnatura
czasowa: 0x4f67a718 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura
czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000000 Identyfikator
procesu powodującego błąd: 0x9d8 Godzina uruchomienia aplikacji powodującej błąd:
0x01ce3e767937c88a Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\AMD
AVT\bin\kdbsync.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu:
bcbfa82c-aa69-11e2-8685-002191f4251d
Error - 2013-04-21 09:47:51 | Computer Name = oem-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Fuel.Service.exe, wersja: 1.0.0.0,
sygnatura czasowa: 0x50a6a1b0 Nazwa modułu powodującego błąd: Device.dll, wersja:
4.1.0.0, sygnatura czasowa: 0x4f55e10b Kod wyjątku: 0xc0000005 Przesunięcie błędu:
0x00000000000033c1 Identyfikator procesu powodującego błąd: 0x1e4 Godzina uruchomienia
aplikacji powodującej błąd: 0x01ce3e76674bf238 Ścieżka aplikacji powodującej błąd:
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Ścieżka modułu powodującego
błąd: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Identyfikator raportu:
0ef8f136-aa8a-11e2-8685-002191f4251d
Error - 2013-04-21 09:49:24 | Computer Name = oem-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: kdbsync.exe, wersja: 0.0.0.0, sygnatura
czasowa: 0x4f67a718 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura
czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000000 Identyfikator
procesu powodującego błąd: 0x94c Godzina uruchomienia aplikacji powodującej błąd:
0x01ce3e970528d4e6 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\AMD
AVT\bin\kdbsync.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu:
4664c0a8-aa8a-11e2-b8b0-002191f4251d
[ Media Center Events ]
Error - 2010-04-29 04:21:41 | Computer Name = oem-Komputer | Source = MCUpdate | ID = 0
Description = 10:21:41 - Błąd podczas nawiązywania połączenia z Internetem. 10:21:41
- Nie można skontaktować się z serwerem..
Error - 2010-04-29 04:22:11 | Computer Name = oem-Komputer | Source = MCUpdate | ID = 0
Description = 10:22:10 - Błąd podczas nawiązywania połączenia z Internetem. 10:22:10
- Nie można skontaktować się z serwerem..
Error - 2010-05-20 03:12:52 | Computer Name = oem-Komputer | Source = MCUpdate | ID = 0
Description = 09:12:52 - Błąd podczas nawiązywania połączenia z Internetem. 09:12:52
- Nie można skontaktować się z serwerem..
Error - 2010-05-20 03:13:05 | Computer Name = oem-Komputer | Source = MCUpdate | ID = 0
Description = 09:12:58 - Błąd podczas nawiązywania połączenia z Internetem. 09:12:58
- Nie można skontaktować się z serwerem..
Error - 2010-07-04 03:23:25 | Computer Name = oem-Komputer | Source = MCUpdate | ID = 0
Description = 09:23:25 - Błąd podczas nawiązywania połączenia z Internetem. 09:23:25
- Nie można skontaktować się z serwerem..
Error - 2010-07-04 03:24:02 | Computer Name = oem-Komputer | Source = MCUpdate | ID = 0
Description = 09:23:54 - Błąd podczas nawiązywania połączenia z Internetem. 09:23:54
- Nie można skontaktować się z serwerem..
Error - 2010-12-25 16:54:03 | Computer Name = oem-Komputer | Source = MCUpdate | ID = 0
Description = 21:54:03 - Błąd podczas nawiązywania połączenia z Internetem. 21:54:03
- Nie można skontaktować się z serwerem..
Error - 2010-12-25 16:54:12 | Computer Name = oem-Komputer | Source = MCUpdate | ID = 0
Description = 21:54:08 - Błąd podczas nawiązywania połączenia z Internetem. 21:54:08
- Nie można skontaktować się z serwerem..
Error - 2010-12-25 22:26:32 | Computer Name = oem-Komputer | Source = MCUpdate | ID = 0
Description = 03:26:32 - Błąd podczas nawiązywania połączenia z Internetem. 03:26:32
- Nie można skontaktować się z serwerem..
Error - 2010-12-25 22:26:41 | Computer Name = oem-Komputer | Source = MCUpdate | ID = 0
Description = 03:26:37 - Błąd podczas nawiązywania połączenia z Internetem. 03:26:37
- Nie można skontaktować się z serwerem..
[ OSession Events ]
Error - 2013-02-26 07:55:19 | Computer Name = oem-Komputer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 454
seconds with 60 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 2013-04-21 02:37:04 | Computer Name = oem-Komputer | Source = Application Popup | ID = 875
Description = Sterownik atksgt.sys został zablokowany dla ładowania.
Error - 2013-04-21 02:37:04 | Computer Name = oem-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi atksgt z powodu następującego błędu: %%1275
Error - 2013-04-21 05:20:19 | Computer Name = oem-Komputer | Source = Service Control Manager | ID = 7034
Description = Usługa AMD FUEL Service niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1.
Error - 2013-04-21 05:55:55 | Computer Name = oem-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi AODDriver4.1 z powodu następującego błędu:
%%2
Error - 2013-04-21 05:55:57 | Computer Name = oem-Komputer | Source = Application Popup | ID = 875
Description = Sterownik atksgt.sys został zablokowany dla ładowania.
Error - 2013-04-21 05:55:57 | Computer Name = oem-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi atksgt z powodu następującego błędu: %%1275
Error - 2013-04-21 09:47:51 | Computer Name = oem-Komputer | Source = Service Control Manager | ID = 7034
Description = Usługa AMD FUEL Service niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1.
Error - 2013-04-21 09:48:57 | Computer Name = oem-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi AODDriver4.1 z powodu następującego błędu:
%%2
Error - 2013-04-21 09:48:59 | Computer Name = oem-Komputer | Source = Application Popup | ID = 875
Description = Sterownik atksgt.sys został zablokowany dla ładowania.
Error - 2013-04-21 09:48:59 | Computer Name = oem-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi atksgt z powodu następującego błędu: %%1275
< End of report >
Gmer
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-04-21 16:37:25
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST31000528AS rev.CC38 931,51GB
Running: z27esjsz.exe; Driver: C:\Users\oem\AppData\Local\Temp\uxriqpow.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000100120470
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000100120460
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000100120370
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000100120480
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 5 bytes JMP 00000001001203e0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000100120320
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000001001203b0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000100120390
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000001001202e0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000100120440
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000001001202d0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000100120310
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000001001203c0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000001001203f0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000100120230
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000100120490
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0xffffffff88930590}
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000001001203a0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000001001202f0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000100120350
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000100120290
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000001001202b0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000001001203d0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000100120330
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000100120410
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000100120240
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000001001201e0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000100120250
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000001001204a0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000001001204b0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000100120300
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000100120360
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000001001202a0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000001001202c0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000100120380
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000100120340
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000100120450
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0xffffffff8892fa90}
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000100120260
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777f0bd0 5 bytes JMP 0000000100120270
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777f0be0 5 bytes JMP 0000000100120400
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777f0da0 5 bytes JMP 00000001001201f0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777f0db0 5 bytes JMP 0000000100120210
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777f0e20 5 bytes JMP 0000000100120200
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777f0e80 5 bytes JMP 0000000100120420
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777f0e90 5 bytes JMP 0000000100120430
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777f0ea0 5 bytes JMP 0000000100120220
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777f0f80 5 bytes JMP 0000000100120280
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000077950470
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000077950460
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000077950370
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000077950480
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 5 bytes JMP 00000000779503e0
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000077950320
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000000779503b0
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000077950390
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000000779502e0
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000077950440
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000000779502d0
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000077950310
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000000779503c0
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000000779503f0
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000077950230
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000077950490
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0x160590}
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000000779503a0
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000000779502f0
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000077950350
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000077950290
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000000779502b0
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000000779503d0
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000077950330
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000077950410
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000077950240
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000000779501e0
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000077950250
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000000779504a0
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000000779504b0
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000077950300
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000077950360
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000000779502a0
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000000779502c0
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000077950380
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000077950340
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000077950450
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0x15fa90}
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000077950260
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777f0bd0 5 bytes JMP 0000000077950270
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777f0be0 5 bytes JMP 0000000077950400
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777f0da0 5 bytes JMP 00000000779501f0
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777f0db0 5 bytes JMP 0000000077950210
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777f0e20 5 bytes JMP 0000000077950200
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777f0e80 5 bytes JMP 0000000077950420
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777f0e90 5 bytes JMP 0000000077950430
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777f0ea0 5 bytes JMP 0000000077950220
.text C:\Windows\system32\wininit.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777f0f80 5 bytes JMP 0000000077950280
.text C:\Windows\system32\wininit.exe[524] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776df1fd 1 byte [62]
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000100120470
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000100120460
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000100120370
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000100120480
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 5 bytes JMP 00000001001203e0
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000100120320
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000001001203b0
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000100120390
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000001001202e0
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000100120440
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000001001202d0
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000100120310
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000001001203c0
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000001001203f0
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000100120230
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000100120490
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0xffffffff88930590}
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000001001203a0
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000001001202f0
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000100120350
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000100120290
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000001001202b0
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000001001203d0
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000100120330
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000100120410
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000100120240
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000001001201e0
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000100120250
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000001001204a0
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000001001204b0
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000100120300
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000100120360
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000001001202a0
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000001001202c0
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000100120380
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000100120340
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000100120450
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0xffffffff8892fa90}
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000100120260
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777f0bd0 5 bytes JMP 0000000100120270
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777f0be0 5 bytes JMP 0000000100120400
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777f0da0 5 bytes JMP 00000001001201f0
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777f0db0 5 bytes JMP 0000000100120210
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777f0e20 5 bytes JMP 0000000100120200
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777f0e80 5 bytes JMP 0000000100120420
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777f0e90 5 bytes JMP 0000000100120430
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777f0ea0 5 bytes JMP 0000000100120220
.text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777f0f80 5 bytes JMP 0000000100120280
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000100070470
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000100070460
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000100070370
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000100070480
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000100070320
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000100070390
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000100070440
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000100070310
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000100070230
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000100070490
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0xffffffff88880590}
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000100070350
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000100070290
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000100070330
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000100070410
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000100070240
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000100070250
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000001000704b0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000100070300
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000100070360
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000100070380
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000100070340
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000100070450
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0xffffffff8887fa90}
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000100070260
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777f0bd0 5 bytes JMP 0000000100070270
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777f0be0 5 bytes JMP 0000000100070400
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777f0da0 5 bytes JMP 00000001000701f0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777f0db0 5 bytes JMP 0000000100070210
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777f0e20 5 bytes JMP 0000000100070200
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777f0e80 5 bytes JMP 0000000100070420
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777f0e90 5 bytes JMP 0000000100070430
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777f0ea0 5 bytes JMP 0000000100070220
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777f0f80 5 bytes JMP 0000000100070280
.text C:\Windows\system32\services.exe[580] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776df1fd 1 byte [62]
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000077950470
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000077950460
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000077950370
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000077950480
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 5 bytes JMP 00000000779503e0
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000077950320
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000000779503b0
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000077950390
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000000779502e0
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000077950440
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000000779502d0
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000077950310
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000000779503c0
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000000779503f0
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000077950230
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000077950490
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0x160590}
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000000779503a0
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000000779502f0
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000077950350
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000077950290
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000000779502b0
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000000779503d0
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000077950330
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000077950410
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000077950240
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000000779501e0
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000077950250
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000000779504a0
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000000779504b0
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000077950300
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000077950360
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000000779502a0
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000000779502c0
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000077950380
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000077950340
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000077950450
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0x15fa90}
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000077950260
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777f0bd0 5 bytes JMP 0000000077950270
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777f0be0 5 bytes JMP 0000000077950400
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777f0da0 5 bytes JMP 00000000779501f0
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777f0db0 5 bytes JMP 0000000077950210
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777f0e20 5 bytes JMP 0000000077950200
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777f0e80 5 bytes JMP 0000000077950420
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777f0e90 5 bytes JMP 0000000077950430
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777f0ea0 5 bytes JMP 0000000077950220
.text C:\Windows\system32\lsass.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777f0f80 5 bytes JMP 0000000077950280
.text C:\Windows\system32\lsass.exe[624] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776df1fd 1 byte [62]
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000077950470
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000077950460
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000077950370
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000077950480
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 5 bytes JMP 00000000779503e0
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000077950320
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000000779503b0
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000077950390
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000000779502e0
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000077950440
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000000779502d0
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000077950310
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000000779503c0
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000000779503f0
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000077950230
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000077950490
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0x160590}
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000000779503a0
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000000779502f0
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000077950350
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000077950290
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000000779502b0
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000000779503d0
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000077950330
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000077950410
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000077950240
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000000779501e0
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000077950250
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000000779504a0
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000000779504b0
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000077950300
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000077950360
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000000779502a0
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000000779502c0
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000077950380
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000077950340
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000077950450
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0x15fa90}
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000077950260
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777f0bd0 5 bytes JMP 0000000077950270
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777f0be0 5 bytes JMP 0000000077950400
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777f0da0 5 bytes JMP 00000000779501f0
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777f0db0 5 bytes JMP 0000000077950210
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777f0e20 5 bytes JMP 0000000077950200
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777f0e80 5 bytes JMP 0000000077950420
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777f0e90 5 bytes JMP 0000000077950430
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777f0ea0 5 bytes JMP 0000000077950220
.text C:\Windows\system32\lsm.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777f0f80 5 bytes JMP 0000000077950280
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000077950470
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000077950460
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000077950370
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000077950480
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 5 bytes JMP 00000000779503e0
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000077950320
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000000779503b0
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000077950390
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000000779502e0
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000077950440
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000000779502d0
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000077950310
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000000779503c0
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000000779503f0
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000077950230
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000077950490
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0x160590}
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000000779503a0
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000000779502f0
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000077950350
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000077950290
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000000779502b0
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000000779503d0
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000077950330
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000077950410
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000077950240
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000000779501e0
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000077950250
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000000779504a0
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000000779504b0
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000077950300
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000077950360
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000000779502a0
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000000779502c0
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000077950380
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000077950340
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000077950450
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0x15fa90}
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000077950260
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777f0bd0 5 bytes JMP 0000000077950270
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777f0be0 5 bytes JMP 0000000077950400
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777f0da0 5 bytes JMP 00000000779501f0
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777f0db0 5 bytes JMP 0000000077950210
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777f0e20 5 bytes JMP 0000000077950200
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777f0e80 5 bytes JMP 0000000077950420
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777f0e90 5 bytes JMP 0000000077950430
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777f0ea0 5 bytes JMP 0000000077950220
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777f0f80 5 bytes JMP 0000000077950280
.text C:\Windows\system32\winlogon.exe[648] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776df1fd 1 byte [62]
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000077950470
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000077950460
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000077950370
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000077950480
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 5 bytes JMP 00000000779503e0
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000077950320
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000000779503b0
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000077950390
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000000779502e0
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000077950440
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000000779502d0
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000077950310
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000000779503c0
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000000779503f0
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000077950230
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000077950490
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0x160590}
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000000779503a0
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000000779502f0
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000077950350
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000077950290
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000000779502b0
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000000779503d0
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000077950330
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000077950410
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000077950240
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000000779501e0
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000077950250
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000000779504a0
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000000779504b0
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000077950300
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000077950360
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000000779502a0
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000000779502c0
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000077950380
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000077950340
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000077950450
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0x15fa90}
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000077950260
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777f0bd0 5 bytes JMP 0000000077950270
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777f0be0 5 bytes JMP 0000000077950400
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777f0da0 5 bytes JMP 00000000779501f0
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777f0db0 5 bytes JMP 0000000077950210
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777f0e20 5 bytes JMP 0000000077950200
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777f0e80 5 bytes JMP 0000000077950420
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777f0e90 5 bytes JMP 0000000077950430
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777f0ea0 5 bytes JMP 0000000077950220
.text C:\Windows\system32\svchost.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777f0f80 5 bytes JMP 0000000077950280
.text C:\Windows\system32\svchost.exe[752] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776df1fd 1 byte [62]
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000100070470
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000100070460
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000100070370
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000100070480
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000100070320
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000100070390
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000100070440
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000100070310
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000100070230
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000100070490
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0xffffffff88880590}
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000100070350
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000100070290
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000100070330
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000100070410
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000100070240
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000100070250
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000001000704b0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000100070300
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000100070360
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000100070380
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000100070340
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000100070450
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0xffffffff8887fa90}
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000100070260
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777f0bd0 5 bytes JMP 0000000100070270
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777f0be0 5 bytes JMP 0000000100070400
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777f0da0 5 bytes JMP 00000001000701f0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777f0db0 5 bytes JMP 0000000100070210
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777f0e20 5 bytes JMP 0000000100070200
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777f0e80 5 bytes JMP 0000000100070420
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777f0e90 5 bytes JMP 0000000100070430
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777f0ea0 5 bytes JMP 0000000100070220
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777f0f80 5 bytes JMP 0000000100070280
.text C:\Windows\system32\svchost.exe[840] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776df1fd 1 byte [62]
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000100070470
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000100070460
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000100070370
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000100070480
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000100070320
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000100070390
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000100070440
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000100070310
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000100070230
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000100070490
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0xffffffff88880590}
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000100070350
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000100070290
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000100070330
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000100070410
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000100070240
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000100070250
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000001000704b0
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000100070300
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000100070360
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000100070380
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000100070340
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000100070450
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0xffffffff8887fa90}
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000100070260
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000077950440
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000000779502d0
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000077950310
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000000779503c0
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000000779503f0
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000077950230
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000077950490
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0x160590}
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000000779503a0
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000000779502f0
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000077950350
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000077950290
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000000779502b0
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000000779503d0
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000077950330
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000077950410
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000077950240
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000000779501e0
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000077950250
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000000779504a0
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000000779504b0
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000077950300
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000077950360
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000000779502a0
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000000779502c0
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000077950380
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000077950340
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000077950450
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0x15fa90}
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000077950260
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777f0bd0 5 bytes JMP 0000000077950270
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777f0be0 5 bytes JMP 0000000077950400
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777f0da0 5 bytes JMP 00000000779501f0
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777f0db0 5 bytes JMP 0000000077950210
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777f0e20 5 bytes JMP 0000000077950200
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777f0e80 5 bytes JMP 0000000077950420
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777f0e90 5 bytes JMP 0000000077950430
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777f0ea0 5 bytes JMP 0000000077950220
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777f0f80 5 bytes JMP 0000000077950280
.text C:\Windows\system32\svchost.exe[1148] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776df1fd 1 byte [62]
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000077950470
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000077950460
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000077950370
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000077950480
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 5 bytes JMP 00000000779503e0
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000077950320
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000000779503b0
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000077950390
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000000779502e0
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000077950440
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000000779502d0
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000077950310
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000000779503c0
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000000779503f0
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000077950230
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000077950490
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0x160590}
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000000779503a0
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000000779502f0
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000077950350
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000077950290
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000000779502b0
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000000779503d0
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000077950330
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000077950410
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000077950240
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000000779501e0
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000077950250
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000000779504a0
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000000779504b0
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000077950300
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000077950360
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000000779502a0
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000000779502c0
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000077950380
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000077950340
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000077950450
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0x15fa90}
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000077950260
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777f0bd0 5 bytes JMP 0000000077950270
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777f0be0 5 bytes JMP 0000000077950400
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777f0da0 5 bytes JMP 00000000779501f0
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777f0db0 5 bytes JMP 0000000077950210
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777f0e20 5 bytes JMP 0000000077950200
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777f0e80 5 bytes JMP 0000000077950420
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777f0e90 5 bytes JMP 0000000077950430
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777f0ea0 5 bytes JMP 0000000077950220
.text C:\Windows\system32\atieclxx.exe[1248] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777f0f80 5 bytes JMP 0000000077950280
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000077950470
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000077950460
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000077950370
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000077950480
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 5 bytes JMP 00000000779503e0
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000077950320
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000000779503b0
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000077950390
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000000779502e0
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000077950440
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000000779502d0
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000077950310
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000000779503c0
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000000779503f0
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000077950230
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000077950490
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0x160590}
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000000779503a0
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000000779502f0
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000077950350
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000077950290
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000000779502b0
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000000779503d0
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000077950330
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000077950410
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000077950240
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000000779501e0
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000077950250
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000000779504a0
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000000779504b0
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000077950300
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000077950360
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000000779502a0
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000000779502c0
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000077950380
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000077950340
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000077950450
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0x15fa90}
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000077950260
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777f0bd0 5 bytes JMP 0000000077950270
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777f0be0 5 bytes JMP 0000000077950400
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777f0da0 5 bytes JMP 00000000779501f0
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777f0db0 5 bytes JMP 0000000077950210
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777f0e20 5 bytes JMP 0000000077950200
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777f0e80 5 bytes JMP 0000000077950420
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777f0e90 5 bytes JMP 0000000077950430
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777f0ea0 5 bytes JMP 0000000077950220
.text C:\Windows\system32\Dwm.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777f0f80 5 bytes JMP 0000000077950280
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000077950470
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000077950460
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000077950370
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000077950480
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 5 bytes JMP 00000000779503e0
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000077950320
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000000779503b0
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000077950390
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000000779502e0
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000077950440
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000000779502d0
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000077950310
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000000779503c0
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000000779503f0
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000077950230
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000077950490
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0x160590}
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000000779503a0
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000000779502f0
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000077950350
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000077950290
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000000779502b0
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000000779503d0
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000077950330
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000077950410
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000077950240
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000000779501e0
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000077950250
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000000779504a0
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000000779504b0
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000077950300
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000077950360
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000000779502a0
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000000779502c0
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000077950380
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000077950340
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000077950450
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0x15fa90}
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000077950260
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777f0bd0 5 bytes JMP 0000000077950270
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777f0be0 5 bytes JMP 0000000077950400
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777f0da0 5 bytes JMP 00000000779501f0
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777f0db0 5 bytes JMP 0000000077950210
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777f0e20 5 bytes JMP 0000000077950200
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777f0e80 5 bytes JMP 0000000077950420
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777f0e90 5 bytes JMP 0000000077950430
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777f0ea0 5 bytes JMP 0000000077950220
.text C:\Windows\Explorer.EXE[1552] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777f0f80 5 bytes JMP 0000000077950280
.text C:\Windows\Explorer.EXE[1552] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776df1fd 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000077950470
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000077950460
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000077950370
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000077950480
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 5 bytes JMP 00000000779503e0
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000077950320
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000000779503b0
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000077950390
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000000779502e0
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000077950440
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000000779502d0
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000077950310
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000000779503c0
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000000779503f0
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000077950230
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000077950490
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0x160590}
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000000779503a0
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000000779502f0
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000077950350
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000077950290
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000000779502b0
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000000779503d0
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000077950330
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000077950410
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000077950240
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000000779501e0
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000077950250
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000000779504a0
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000000779504b0
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000077950300
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000077950360
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000000779502a0
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000000779502c0
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000077950380
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000077950340
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000077950450
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0x15fa90}
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000077950260
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777f0bd0 5 bytes JMP 0000000077950270
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777f0be0 5 bytes JMP 0000000077950400
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777f0da0 5 bytes JMP 00000000779501f0
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777f0db0 5 bytes JMP 0000000077950210
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777f0e20 5 bytes JMP 0000000077950200
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777f0e80 5 bytes JMP 0000000077950420
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777f0e90 5 bytes JMP 0000000077950430
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777f0ea0 5 bytes JMP 0000000077950220
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777f0f80 5 bytes JMP 0000000077950280
.text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776df1fd 1 byte [62]
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000077950470
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000077950460
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000077950370
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000077950480
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 5 bytes JMP 00000000779503e0
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000077950320
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000000779503b0
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000077950390
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000000779502e0
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000077950440
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000000779502d0
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000077950310
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000000779503c0
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000000779503f0
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000077950230
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000077950490
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0x160590}
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000000779503a0
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000000779502f0
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000077950350
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000077950290
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000000779502b0
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000000779503d0
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000077950330
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000077950410
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000077950240
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000000779501e0
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000077950250
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000000779504a0
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000000779504b0
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000077950300
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000077950360
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000000779502a0
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000000779502c0
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000077950380
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000077950340
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000077950450
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0x15fa90}
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000077950260
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777f0bd0 5 bytes JMP 0000000077950270
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777f0be0 5 bytes JMP 0000000077950400
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777f0da0 5 bytes JMP 00000000779501f0
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777f0db0 5 bytes JMP 0000000077950210
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777f0e20 5 bytes JMP 0000000077950200
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777f0e80 5 bytes JMP 0000000077950420
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777f0e90 5 bytes JMP 0000000077950430
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777f0ea0 5 bytes JMP 0000000077950220
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777f0f80 5 bytes JMP 0000000077950280
.text C:\Windows\system32\taskhost.exe[1680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776df1fd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000077950470
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000077950460
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000077950370
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000077950480
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 5 bytes JMP 00000000779503e0
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000077950320
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000000779503b0
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000077950390
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000000779502e0
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000077950440
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000000779502d0
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000077950310
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000000779503c0
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000000779503f0
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000077950230
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000077950490
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0x160590}
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000000779503a0
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000000779502f0
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000077950350
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000077950290
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000000779502b0
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000000779503d0
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000077950330
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000077950410
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000077950240
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000000779501e0
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000077950250
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000000779504a0
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000000779504b0
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000077950300
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000077950360
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000000779502a0
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000000779502c0
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000077950380
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000077950340
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000077950450
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0x15fa90}
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000077950260
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777f0bd0 5 bytes JMP 0000000077950270
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777f0be0 5 bytes JMP 0000000077950400
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777f0da0 5 bytes JMP 00000000779501f0
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777f0db0 5 bytes JMP 0000000077950210
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777f0e20 5 bytes JMP 0000000077950200
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777f0e80 5 bytes JMP 0000000077950420
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777f0e90 5 bytes JMP 0000000077950430
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777f0ea0 5 bytes JMP 0000000077950220
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777f0f80 5 bytes JMP 0000000077950280
.text C:\Windows\system32\svchost.exe[1864] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776df1fd 1 byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777c2c90 5 bytes JMP 000000010030075c
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777d4420 5 bytes JMP 00000001003003a4
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000077950470
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000077950460
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777ef830 5 bytes JMP 0000000100300b14
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777ef890 5 bytes JMP 0000000100300ecc
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000077950370
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000077950480
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 5 bytes JMP 000000010030163c
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000077950320
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000000779503b0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000077950390
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000000779502e0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000077950440
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000000779502d0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000077950310
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000000779503c0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777efbb0 5 bytes JMP 0000000100301284
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000000779503f0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000077950230
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000077950490
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0x160590}
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000000779503a0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000000779502f0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000077950350
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000077950290
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000000779502b0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000000779503d0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000077950330
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000077950410
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000077950240
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000000779501e0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000077950250
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000000779504a0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000000779504b0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000077950300
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000077950360
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000000779502a0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000000779502c0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000077950380
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000077950340
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000077950450
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0x15fa90}
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000077950260
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777f0bd0 5 bytes JMP 0000000077950270
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777f0be0 5 bytes JMP 00000001003019f4
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777f0da0 5 bytes JMP 00000000779501f0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777f0db0 5 bytes JMP 0000000077950210
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777f0e20 5 bytes JMP 0000000077950200
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777f0e80 5 bytes JMP 0000000077950420
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777f0e90 5 bytes JMP 0000000077950430
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777f0ea0 5 bytes JMP 0000000077950220
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777f0f80 5 bytes JMP 0000000077950280
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff496e00 5 bytes JMP 000007ff7f4b1dac
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff496f2c 5 bytes JMP 000007ff7f4b0ecc
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff497220 5 bytes JMP 000007ff7f4b1284
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff49739c 5 bytes JMP 000007ff7f4b163c
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff497538 5 bytes JMP 000007ff7f4b19f4
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff4975e8 5 bytes JMP 000007ff7f4b03a4
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff49790c 5 bytes JMP 000007ff7f4b075c
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1040] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff497ab4 5 bytes JMP 000007ff7f4b0b14
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777c2c90 5 bytes JMP 00000001002e075c
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777d4420 5 bytes JMP 00000001002e03a4
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000077950470
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000077950460
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777ef830 5 bytes JMP 00000001002e0b14
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777ef890 5 bytes JMP 00000001002e0ecc
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000077950370
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000077950480
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 5 bytes JMP 00000001002e163c
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000077950320
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000000779503b0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000077950390
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000000779502e0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000077950440
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000000779502d0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000077950310
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000000779503c0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777efbb0 5 bytes JMP 00000001002e1284
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000000779503f0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000077950230
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000077950490
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0x160590}
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000000779503a0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000000779502f0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000077950350
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000077950290
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000000779502b0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000000779503d0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000077950330
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000077950410
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000077950240
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000000779501e0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000077950250
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000000779504a0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000000779504b0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000077950300
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000077950360
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000000779502a0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000000779502c0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000077950380
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000077950340
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000077950450
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0x15fa90}
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000077950260
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777f0bd0 5 bytes JMP 0000000077950270
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777f0be0 5 bytes JMP 00000001002e19f4
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777f0da0 5 bytes JMP 00000000779501f0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777f0db0 5 bytes JMP 0000000077950210
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777f0e20 5 bytes JMP 0000000077950200
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777f0e80 5 bytes JMP 0000000077950420
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777f0e90 5 bytes JMP 0000000077950430
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777f0ea0 5 bytes JMP 0000000077950220
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777f0f80 5 bytes JMP 0000000077950280
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000776df1fd 1 byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff496e00 5 bytes JMP 000007ff7f4b1dac
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff496f2c 5 bytes JMP 000007ff7f4b0ecc
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff497220 5 bytes JMP 000007ff7f4b1284
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff49739c 5 bytes JMP 000007ff7f4b163c
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff497538 5 bytes JMP 000007ff7f4b19f4
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff4975e8 5 bytes JMP 000007ff7f4b03a4
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff49790c 5 bytes JMP 000007ff7f4b075c
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2164] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff497ab4 5 bytes JMP 000007ff7f4b0b14
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[2272] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007799fa50 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[2272] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007799fae8 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[2272] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007799fc40 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[2272] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007799ffc8 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[2272] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779a18b0 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[2272] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000779bc4aa 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[2272] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779c1247 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[2272] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007568b0c5 1 byte [62]
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[2272] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000752af0e6 5 bytes JMP 00000001002401f8
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[2272] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000752b3907 5 bytes JMP 00000001002403fc
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[2272] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000752b8364 5 bytes JMP 0000000100240600
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[2272] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000752c06b3 5 bytes JMP 0000000100240804
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[2272] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000752d0efc 5 bytes JMP 0000000100240a08
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[2272] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076335181 5 bytes JMP 0000000100251014
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[2272] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076335254 5 bytes JMP 0000000100250804
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[2272] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000763353d5 5 bytes JMP 0000000100250a08
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[2272] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000763354c2 5 bytes JMP 0000000100250c0c
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[2272] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000763355e2 5 bytes JMP 0000000100250e10
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[2272] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007633567c 5 bytes JMP 00000001002501f8
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[2272] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007633589f 5 bytes JMP 00000001002503fc
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe[2272] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076335a22 5 bytes JMP 0000000100250600
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007799fa50 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007799fae8 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007799fc40 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007799ffc8 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779a18b0 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2360] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000779bc4aa 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2360] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779c1247 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2360] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007568b0c5 1 byte [62]
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2360] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076335181 5 bytes JMP 00000001001c1014
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2360] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076335254 5 bytes JMP 00000001001c0804
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2360] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000763353d5 5 bytes JMP 00000001001c0a08
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2360] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000763354c2 5 bytes JMP 00000001001c0c0c
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2360] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000763355e2 5 bytes JMP 00000001001c0e10
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2360] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007633567c 5 bytes JMP 00000001001c01f8
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2360] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007633589f 5 bytes JMP 00000001001c03fc
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2360] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076335a22 5 bytes JMP 00000001001c0600
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2360] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000752af0e6 5 bytes JMP 00000001002601f8
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2360] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000752b3907 5 bytes JMP 00000001002603fc
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2360] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000752b8364 5 bytes JMP 0000000100260600
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2360] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000752c06b3 5 bytes JMP 0000000100260804
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[2360] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000752d0efc 5 bytes JMP 0000000100260a08
.text C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE[2432] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007799fa50 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE[2432] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007799fae8 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE[2432] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007799fc40 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE[2432] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007799ffc8 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE[2432] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779a18b0 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE[2432] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000779bc4aa 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE[2432] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779c1247 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE[2432] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007568b0c5 1 byte [62]
.text C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE[2432] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076335181 5 bytes JMP 0000000100241014
.text C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE[2432] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076335254 3 bytes JMP 0000000100240804
.text C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE[2432] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 4 0000000076335258 1 byte [89]
.text C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE[2432] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000763353d5 5 bytes JMP 0000000100240a08
.text C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE[2432] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000763354c2 5 bytes JMP 0000000100240c0c
.text C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE[2432] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000763355e2 5 bytes JMP 0000000100240e10
.text C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE[2432] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007633567c 5 bytes JMP 00000001002401f8
.text C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE[2432] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007633589f 5 bytes JMP 00000001002403fc
.text C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE[2432] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076335a22 5 bytes JMP 0000000100240600
.text C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE[2432] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000752af0e6 5 bytes JMP 00000001002501f8
.text C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE[2432] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000752b3907 5 bytes JMP 00000001002503fc
.text C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE[2432] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000752b8364 5 bytes JMP 0000000100250600
.text C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE[2432] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000752c06b3 5 bytes JMP 0000000100250804
.text C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE[2432] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000752d0efc 5 bytes JMP 0000000100250a08
.text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007799fa50 5 bytes JMP 0000000100030600
.text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007799fae8 5 bytes JMP 0000000100030804
.text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007799fc40 5 bytes JMP 0000000100030c0c
.text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007799ffc8 5 bytes JMP 0000000100030a08
.text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779a18b0 5 bytes JMP 0000000100030e10
.text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000779bc4aa 5 bytes JMP 00000001000301f8
.text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779c1247 5 bytes JMP 00000001000303fc
.text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007568b0c5 1 byte [62]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000752af0e6 5 bytes JMP 00000001002301f8
.text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000752b3907 5 bytes JMP 00000001002303fc
.text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000752b8364 5 bytes JMP 0000000100230600
.text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000752c06b3 5 bytes JMP 0000000100230804
.text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000752d0efc 5 bytes JMP 0000000100230a08
.text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076335181 5 bytes JMP 0000000100241014
.text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076335254 3 bytes JMP 0000000100240804
.text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 4 0000000076335258 1 byte [89]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000763353d5 5 bytes JMP 0000000100240a08
.text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000763354c2 5 bytes JMP 0000000100240c0c
.text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000763355e2 5 bytes JMP 0000000100240e10
.text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007633567c 5 bytes JMP 00000001002401f8
.text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007633589f 5 bytes JMP 00000001002403fc
.text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076335a22 5 bytes JMP 0000000100240600
.text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000074c41a22 2 bytes [C4, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000074c41ad0 2 bytes [C4, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000074c41b08 2 bytes [C4, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000074c41bba 2 bytes [C4, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000074c41bda 2 bytes [C4, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b71465 2 bytes [B7, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b714bb 2 bytes [B7, 75]
.text ... * 2
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777c2c90 5 bytes JMP 000000010037075c
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777d4420 5 bytes JMP 00000001003703a4
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000077950470
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000077950460
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777ef830 3 bytes JMP 0000000100370b14
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 4 00000000777ef834 1 byte [88]
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777ef890 3 bytes JMP 0000000100370ecc
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 4 00000000777ef894 1 byte [88]
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000077950370
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000077950480
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 3 bytes JMP 000000010037163c
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 4 00000000777ef974 1 byte [88]
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000077950320
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000000779503b0
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000077950390
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000000779502e0
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000077950440
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000000779502d0
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000077950310
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000000779503c0
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777efbb0 3 bytes JMP 0000000100371284
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 4 00000000777efbb4 1 byte [88]
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000000779503f0
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000077950230
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000077950490
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0x160590}
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000000779503a0
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000000779502f0
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000077950350
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000077950290
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000000779502b0
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000000779503d0
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000077950330
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000077950410
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000077950240
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000000779501e0
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000077950250
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000000779504a0
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000000779504b0
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000077950300
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000077950360
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000000779502a0
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000000779502c0
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000077950380
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000077950340
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000077950450
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0x15fa90}
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000077950260
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777f0bd0 5 bytes JMP 0000000077950270
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777f0be0 3 bytes JMP 00000001003719f4
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 4 00000000777f0be4 1 byte [88]
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777f0da0 5 bytes JMP 00000000779501f0
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777f0db0 5 bytes JMP 0000000077950210
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777f0e20 5 bytes JMP 0000000077950200
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777f0e80 5 bytes JMP 0000000077950420
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777f0e90 5 bytes JMP 0000000077950430
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777f0ea0 5 bytes JMP 0000000077950220
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777f0f80 5 bytes JMP 0000000077950280
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000776df1fd 1 byte [62]
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff496e00 5 bytes JMP 000007ff7f4b1dac
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff496f2c 5 bytes JMP 000007ff7f4b0ecc
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff497220 5 bytes JMP 000007ff7f4b1284
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff49739c 5 bytes JMP 000007ff7f4b163c
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff497538 5 bytes JMP 000007ff7f4b19f4
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff4975e8 5 bytes JMP 000007ff7f4b03a4
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff49790c 5 bytes JMP 000007ff7f4b075c
.text C:\Windows\system32\svchost.exe[2508] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff497ab4 5 bytes JMP 000007ff7f4b0b14
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777c2c90 5 bytes JMP 00000001001d075c
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777d4420 5 bytes JMP 00000001001d03a4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000077950470
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000077950460
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777ef830 5 bytes JMP 00000001001d0b14
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777ef890 5 bytes JMP 00000001001d0ecc
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000077950370
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000077950480
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 5 bytes JMP 00000001001d163c
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000077950320
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000000779503b0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000077950390
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000000779502e0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000077950440
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000000779502d0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000077950310
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000000779503c0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777efbb0 5 bytes JMP 00000001001d1284
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000000779503f0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000077950230
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000077950490
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0x160590}
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000000779503a0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000000779502f0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000077950350
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000077950290
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000000779502b0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000000779503d0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000077950330
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000077950410
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000077950240
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000000779501e0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000077950250
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000000779504a0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000000779504b0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000077950300
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000077950360
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000000779502a0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000000779502c0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000077950380
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000077950340
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000077950450
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0x15fa90}
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000077950260
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777f0bd0 5 bytes JMP 0000000077950270
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777f0be0 5 bytes JMP 00000001001d19f4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777f0da0 5 bytes JMP 00000000779501f0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777f0db0 5 bytes JMP 0000000077950210
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777f0e20 5 bytes JMP 0000000077950200
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777f0e80 5 bytes JMP 0000000077950420
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777f0e90 5 bytes JMP 0000000077950430
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777f0ea0 5 bytes JMP 0000000077950220
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777f0f80 5 bytes JMP 0000000077950280
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000776df1fd 1 byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff496e00 5 bytes JMP 000007ff7f4b1dac
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff496f2c 5 bytes JMP 000007ff7f4b0ecc
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff497220 5 bytes JMP 000007ff7f4b1284
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff49739c 5 bytes JMP 000007ff7f4b163c
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff497538 5 bytes JMP 000007ff7f4b19f4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff4975e8 5 bytes JMP 000007ff7f4b03a4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff49790c 5 bytes JMP 000007ff7f4b075c
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2548] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff497ab4 5 bytes JMP 000007ff7f4b0b14
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777c2c90 5 bytes JMP 000000010015075c
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777d4420 5 bytes JMP 00000001001503a4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000077950470
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000077950460
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777ef830 5 bytes JMP 0000000100150b14
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777ef890 5 bytes JMP 0000000100150ecc
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000077950370
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000077950480
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 5 bytes JMP 000000010015163c
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000077950320
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000000779503b0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000077950390
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000000779502e0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000077950440
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000000779502d0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000077950310
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000000779503c0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777efbb0 5 bytes JMP 0000000100151284
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000000779503f0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000077950230
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000077950490
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0x160590}
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000000779503a0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000000779502f0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000077950350
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000077950290
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000000779502b0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000000779503d0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000077950330
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000077950410
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000077950240
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000000779501e0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000077950250
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000000779504a0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000000779504b0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000077950300
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000077950360
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000000779502a0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000000779502c0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000077950380
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000077950340
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000077950450
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0x15fa90}
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000077950260
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777f0bd0 5 bytes JMP 0000000077950270
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777f0be0 5 bytes JMP 00000001001519f4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777f0da0 5 bytes JMP 00000000779501f0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777f0db0 5 bytes JMP 0000000077950210
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777f0e20 5 bytes JMP 0000000077950200
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777f0e80 5 bytes JMP 0000000077950420
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777f0e90 5 bytes JMP 0000000077950430
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777f0ea0 5 bytes JMP 0000000077950220
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777f0f80 5 bytes JMP 0000000077950280
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff496e00 5 bytes JMP 000007ff7f4b1dac
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff496f2c 5 bytes JMP 000007ff7f4b0ecc
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff497220 5 bytes JMP 000007ff7f4b1284
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff49739c 5 bytes JMP 000007ff7f4b163c
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff497538 5 bytes JMP 000007ff7f4b19f4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff4975e8 5 bytes JMP 000007ff7f4b03a4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff49790c 5 bytes JMP 000007ff7f4b075c
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2788] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff497ab4 5 bytes JMP 000007ff7f4b0b14
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2816] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007799fa50 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2816] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007799fae8 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2816] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007799fc40 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2816] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007799ffc8 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2816] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779a18b0 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2816] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000779bc4aa 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2816] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779c1247 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2816] C:\Windows\syswow64\KERNEL32.dll!SetUnhandledExceptionFilter 000000007566d03c 5 bytes [33, C0, C2, 04, 00]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2816] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007568b0c5 1 byte [62]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2816] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076335181 5 bytes JMP 00000001000a1014
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2816] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076335254 5 bytes JMP 00000001000a0804
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2816] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000763353d5 5 bytes JMP 00000001000a0a08
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2816] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000763354c2 5 bytes JMP 00000001000a0c0c
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2816] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000763355e2 5 bytes JMP 00000001000a0e10
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2816] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007633567c 5 bytes JMP 00000001000a01f8
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2816] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007633589f 5 bytes JMP 00000001000a03fc
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2816] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076335a22 5 bytes JMP 00000001000a0600
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2816] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000752af0e6 5 bytes JMP 00000001000b01f8
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2816] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000752b3907 5 bytes JMP 00000001000b03fc
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2816] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000752b8364 5 bytes JMP 00000001000b0600
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2816] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000752c06b3 5 bytes JMP 00000001000b0804
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2816] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000752d0efc 5 bytes JMP 00000001000b0a08
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b71465 2 bytes [B7, 75]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b714bb 2 bytes [B7, 75]
.text ... * 2
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2836] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007799fa50 5 bytes JMP 0000000100030600
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2836] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007799fae8 5 bytes JMP 0000000100030804
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2836] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007799fc40 5 bytes JMP 0000000100030c0c
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2836] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007799ffc8 5 bytes JMP 0000000100030a08
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2836] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779a18b0 5 bytes JMP 0000000100030e10
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2836] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000779bc4aa 5 bytes JMP 00000001000301f8
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2836] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779c1247 5 bytes JMP 00000001000303fc
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2836] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007568b0c5 1 byte [62]
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2836] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000752af0e6 5 bytes JMP 00000001001c01f8
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2836] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000752b3907 5 bytes JMP 00000001001c03fc
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2836] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000752b8364 5 bytes JMP 00000001001c0600
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2836] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000752c06b3 5 bytes JMP 00000001001c0804
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2836] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000752d0efc 5 bytes JMP 00000001001c0a08
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2836] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076335181 5 bytes JMP 00000001001d1014
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2836] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076335254 5 bytes JMP 00000001001d0804
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2836] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000763353d5 5 bytes JMP 00000001001d0a08
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2836] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000763354c2 5 bytes JMP 00000001001d0c0c
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2836] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000763355e2 5 bytes JMP 00000001001d0e10
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2836] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007633567c 5 bytes JMP 00000001001d01f8
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2836] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007633589f 5 bytes JMP 00000001001d03fc
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2836] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076335a22 5 bytes JMP 00000001001d0600
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b71465 2 bytes [B7, 75]
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b714bb 2 bytes [B7, 75]
.text ... * 2
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007799fa50 5 bytes JMP 0000000100030600
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007799fae8 5 bytes JMP 0000000100030804
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007799fc40 5 bytes JMP 0000000100030c0c
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007799ffc8 5 bytes JMP 0000000100030a08
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779a18b0 5 bytes JMP 0000000100030e10
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2912] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000779bc4aa 5 bytes JMP 00000001000301f8
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2912] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779c1247 5 bytes JMP 00000001000303fc
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2912] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007568b0c5 1 byte [62]
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2912] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000752af0e6 5 bytes JMP 00000001002301f8
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2912] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000752b3907 5 bytes JMP 00000001002303fc
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2912] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000752b8364 5 bytes JMP 0000000100230600
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2912] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000752c06b3 5 bytes JMP 0000000100230804
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2912] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000752d0efc 5 bytes JMP 0000000100230a08
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2912] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076335181 5 bytes JMP 0000000100241014
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2912] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076335254 3 bytes JMP 0000000100240804
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2912] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 4 0000000076335258 1 byte [89]
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2912] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000763353d5 5 bytes JMP 0000000100240a08
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2912] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000763354c2 5 bytes JMP 0000000100240c0c
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2912] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000763355e2 5 bytes JMP 0000000100240e10
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2912] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007633567c 5 bytes JMP 00000001002401f8
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2912] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007633589f 5 bytes JMP 00000001002403fc
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2912] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076335a22 5 bytes JMP 0000000100240600
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b71465 2 bytes [B7, 75]
.text C:\Users\oem\AppData\Local\Akamai\netsession_win.exe[2912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b714bb 2 bytes [B7, 75]
.text ... * 2
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[2924] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007799fa50 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[2924] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007799fae8 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[2924] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007799fc40 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[2924] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007799ffc8 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[2924] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779a18b0 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[2924] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000779bc4aa 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[2924] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779c1247 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[2924] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007568b0c5 1 byte [62]
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[2924] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000752af0e6 5 bytes JMP 00000001001d01f8
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[2924] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000752b3907 5 bytes JMP 00000001001d03fc
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[2924] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000752b8364 5 bytes JMP 00000001001d0600
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[2924] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000752c06b3 5 bytes JMP 00000001001d0804
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[2924] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000752d0efc 5 bytes JMP 00000001001d0a08
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[2924] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076335181 5 bytes JMP 0000000100261014
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[2924] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076335254 5 bytes JMP 0000000100260804
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[2924] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000763353d5 5 bytes JMP 0000000100260a08
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[2924] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000763354c2 5 bytes JMP 0000000100260c0c
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[2924] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000763355e2 5 bytes JMP 0000000100260e10
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[2924] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007633567c 5 bytes JMP 00000001002601f8
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[2924] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007633589f 5 bytes JMP 00000001002603fc
.text C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe[2924] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076335a22 5 bytes JMP 0000000100260600
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2960] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007568b0c5 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2980] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007799fa50 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2980] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007799fae8 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2980] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007799fc40 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2980] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007799ffc8 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2980] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779a18b0 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2980] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000779bc4aa 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2980] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779c1247 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2980] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007568b0c5 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2980] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076335181 5 bytes JMP 00000001000a1014
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2980] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076335254 5 bytes JMP 00000001000a0804
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2980] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000763353d5 5 bytes JMP 00000001000a0a08
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2980] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000763354c2 5 bytes JMP 00000001000a0c0c
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2980] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000763355e2 5 bytes JMP 00000001000a0e10
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2980] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007633567c 5 bytes JMP 00000001000a01f8
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2980] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007633589f 5 bytes JMP 00000001000a03fc
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2980] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076335a22 5 bytes JMP 00000001000a0600
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2980] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000752af0e6 5 bytes JMP 00000001000b01f8
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2980] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000752b3907 5 bytes JMP 00000001000b03fc
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2980] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000752b8364 5 bytes JMP 00000001000b0600
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2980] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000752c06b3 5 bytes JMP 00000001000b0804
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2980] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000752d0efc 5 bytes JMP 00000001000b0a08
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b71465 2 bytes [B7, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b714bb 2 bytes [B7, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[928] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007799fa50 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[928] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007799fae8 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[928] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007799fc40 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[928] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007799ffc8 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[928] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779a18b0 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[928] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000779bc4aa 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[928] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779c1247 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[928] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007568b0c5 1 byte [62]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[928] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076335181 5 bytes JMP 0000000100251014
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[928] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076335254 5 bytes JMP 0000000100250804
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[928] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000763353d5 5 bytes JMP 0000000100250a08
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[928] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000763354c2 5 bytes JMP 0000000100250c0c
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[928] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000763355e2 5 bytes JMP 0000000100250e10
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[928] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007633567c 5 bytes JMP 00000001002501f8
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[928] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007633589f 5 bytes JMP 00000001002503fc
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[928] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076335a22 5 bytes JMP 0000000100250600
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[928] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000752af0e6 5 bytes JMP 00000001002601f8
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[928] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000752b3907 5 bytes JMP 00000001002603fc
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[928] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000752b8364 5 bytes JMP 0000000100260600
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[928] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000752c06b3 5 bytes JMP 0000000100260804
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[928] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000752d0efc 5 bytes JMP 0000000100260a08
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777c2c90 5 bytes JMP 000000010018075c
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777d4420 5 bytes JMP 00000001001803a4
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000077950470
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000077950460
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777ef830 5 bytes JMP 0000000100180b14
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777ef890 5 bytes JMP 0000000100180ecc
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000077950370
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000077950480
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 5 bytes JMP 000000010018163c
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000077950320
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000000779503b0
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000077950390
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000000779502e0
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000077950440
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000000779502d0
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000077950310
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000000779503c0
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777efbb0 5 bytes JMP 0000000100181284
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000000779503f0
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000077950230
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000077950490
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0x160590}
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000000779503a0
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000000779502f0
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000077950350
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000077950290
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000000779502b0
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000000779503d0
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000077950330
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000077950410
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000077950240
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000000779501e0
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000077950250
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000000779504a0
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000000779504b0
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000077950300
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000077950360
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000000779502a0
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000000779502c0
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000077950380
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000077950340
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000077950450
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0x15fa90}
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000077950260
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777f0bd0 5 bytes JMP 0000000077950270
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777f0be0 5 bytes JMP 00000001001819f4
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777f0da0 5 bytes JMP 00000000779501f0
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777f0db0 5 bytes JMP 0000000077950210
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777f0e20 5 bytes JMP 0000000077950200
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777f0e80 5 bytes JMP 0000000077950420
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777f0e90 5 bytes JMP 0000000077950430
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777f0ea0 5 bytes JMP 0000000077950220
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777f0f80 5 bytes JMP 0000000077950280
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000776df1fd 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff496e00 5 bytes JMP 000007ff7f4b1dac
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff496f2c 5 bytes JMP 000007ff7f4b0ecc
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff497220 5 bytes JMP 000007ff7f4b1284
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff49739c 5 bytes JMP 000007ff7f4b163c
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff497538 5 bytes JMP 000007ff7f4b19f4
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff4975e8 5 bytes JMP 000007ff7f4b03a4
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff49790c 5 bytes JMP 000007ff7f4b075c
.text C:\Windows\system32\SearchIndexer.exe[2668] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff497ab4 5 bytes JMP 000007ff7f4b0b14
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777c2c90 5 bytes JMP 000000010017075c
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777d4420 5 bytes JMP 00000001001703a4
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000077950470
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000077950460
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777ef830 5 bytes JMP 0000000100170b14
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777ef890 5 bytes JMP 0000000100170ecc
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000077950370
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000077950480
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 5 bytes JMP 000000010017163c
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000077950320
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000000779503b0
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000077950390
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000000779502e0
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000077950440
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000000779502d0
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000077950310
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000000779503c0
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777efbb0 5 bytes JMP 0000000100171284
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000000779503f0
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000077950230
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000077950490
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0x160590}
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000000779503a0
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000000779502f0
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000077950350
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000077950290
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000000779502b0
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000000779503d0
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000077950330
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000077950410
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000077950240
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000000779501e0
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000077950250
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000000779504a0
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000000779504b0
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000077950300
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000077950360
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000000779502a0
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000000779502c0
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000077950380
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000077950340
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000077950450
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0x15fa90}
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000077950260
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777f0bd0 5 bytes JMP 0000000077950270
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777f0be0 5 bytes JMP 00000001001719f4
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777f0da0 5 bytes JMP 00000000779501f0
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777f0db0 5 bytes JMP 0000000077950210
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777f0e20 5 bytes JMP 0000000077950200
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777f0e80 5 bytes JMP 0000000077950420
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777f0e90 5 bytes JMP 0000000077950430
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777f0ea0 5 bytes JMP 0000000077950220
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777f0f80 5 bytes JMP 0000000077950280
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000776df1fd 1 byte [62]
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff496e00 5 bytes JMP 000007ff7f4b1dac
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff496f2c 5 bytes JMP 000007ff7f4b0ecc
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff497220 5 bytes JMP 000007ff7f4b1284
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff49739c 5 bytes JMP 000007ff7f4b163c
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff497538 5 bytes JMP 000007ff7f4b19f4
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff4975e8 5 bytes JMP 000007ff7f4b03a4
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff49790c 5 bytes JMP 000007ff7f4b075c
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff497ab4 5 bytes JMP 000007ff7f4b0b14
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777c2c90 5 bytes JMP 00000001002d075c
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777d4420 5 bytes JMP 00000001002d03a4
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000077950470
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000077950460
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777ef830 5 bytes JMP 00000001002d0b14
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777ef890 5 bytes JMP 00000001002d0ecc
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000077950370
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000077950480
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 5 bytes JMP 00000001002d163c
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000077950320
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000000779503b0
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000077950390
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000000779502e0
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000077950440
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000000779502d0
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000077950310
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000000779503c0
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777efbb0 5 bytes JMP 00000001002d1284
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000000779503f0
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000077950230
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000077950490
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0x160590}
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000000779503a0
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000000779502f0
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000077950350
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000077950290
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000000779502b0
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000000779503d0
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000077950330
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000077950410
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000077950240
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000000779501e0
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000077950250
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000000779504a0
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000000779504b0
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000077950300
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000077950360
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000000779502a0
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000000779502c0
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000077950380
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000077950340
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000077950450
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0x15fa90}
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000077950260
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777f0bd0 5 bytes JMP 0000000077950270
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777f0be0 5 bytes JMP 00000001002d19f4
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777f0da0 5 bytes JMP 00000000779501f0
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777f0db0 5 bytes JMP 0000000077950210
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777f0e20 5 bytes JMP 0000000077950200
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777f0e80 5 bytes JMP 0000000077950420
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777f0e90 5 bytes JMP 0000000077950430
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777f0ea0 5 bytes JMP 0000000077950220
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777f0f80 5 bytes JMP 0000000077950280
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000776df1fd 1 byte [62]
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff496e00 5 bytes JMP 000007ff7f4b1dac
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff496f2c 5 bytes JMP 000007ff7f4b0ecc
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff497220 5 bytes JMP 000007ff7f4b1284
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff49739c 5 bytes JMP 000007ff7f4b163c
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff497538 5 bytes JMP 000007ff7f4b19f4
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff4975e8 5 bytes JMP 000007ff7f4b03a4
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff49790c 5 bytes JMP 000007ff7f4b075c
.text C:\Windows\system32\svchost.exe[3168] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff497ab4 5 bytes JMP 000007ff7f4b0b14
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777c2c90 5 bytes JMP 000000010039075c
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777d4420 5 bytes JMP 00000001003903a4
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000100070470
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000100070460
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777ef830 5 bytes JMP 0000000100390b14
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777ef890 5 bytes JMP 0000000100390ecc
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000100070370
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000100070480
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 5 bytes JMP 000000010039163c
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000100070320
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000100070390
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000100070440
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000100070310
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777efbb0 5 bytes JMP 0000000100391284
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000100070230
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000100070490
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0xffffffff88880590}
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000100070350
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000100070290
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000100070330
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000100070410
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000100070240
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000100070250
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000001000704b0
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000100070300
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000100070360
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000100070380
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000100070340
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000100070450
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0xffffffff8887fa90}
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000100070260
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777f0bd0 5 bytes JMP 0000000100070270
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777f0be0 5 bytes JMP 00000001003919f4
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777f0da0 5 bytes JMP 00000001000701f0
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777f0db0 5 bytes JMP 0000000100070210
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777f0e20 5 bytes JMP 0000000100070200
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777f0e80 5 bytes JMP 0000000100070420
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777f0e90 5 bytes JMP 0000000100070430
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777f0ea0 5 bytes JMP 0000000100070220
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777f0f80 5 bytes JMP 0000000100070280
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff496e00 5 bytes JMP 000007ff7f4b1dac
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff496f2c 5 bytes JMP 000007ff7f4b0ecc
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff497220 5 bytes JMP 000007ff7f4b1284
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff49739c 5 bytes JMP 000007ff7f4b163c
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff497538 5 bytes JMP 000007ff7f4b19f4
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff4975e8 5 bytes JMP 000007ff7f4b03a4
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff49790c 5 bytes JMP 000007ff7f4b075c
.text C:\Windows\system32\WUDFHost.exe[3196] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff497ab4 5 bytes JMP 000007ff7f4b0b14
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777c2c90 5 bytes JMP 00000001000a075c
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777d4420 5 bytes JMP 00000001000a03a4
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000077950470
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000077950460
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777ef830 5 bytes JMP 00000001000a0b14
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777ef890 5 bytes JMP 00000001000a0ecc
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000077950370
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000077950480
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 5 bytes JMP 00000001000a163c
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000077950320
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000000779503b0
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000077950390
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000000779502e0
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000077950440
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000000779502d0
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000077950310
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000000779503c0
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777efbb0 5 bytes JMP 00000001000a1284
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000000779503f0
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000077950230
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000077950490
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0x160590}
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000000779503a0
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000000779502f0
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000077950350
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000077950290
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000000779502b0
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000000779503d0
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000077950330
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000077950410
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000077950240
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000000779501e0
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000077950250
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000000779504a0
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000000779504b0
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000077950300
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000077950360
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000000779502a0
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000000779502c0
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000077950380
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000077950340
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000077950450
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0x15fa90}
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000077950260
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777f0bd0 5 bytes JMP 0000000077950270
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777f0be0 5 bytes JMP 00000001000a19f4
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777f0da0 5 bytes JMP 00000000779501f0
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777f0db0 5 bytes JMP 0000000077950210
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777f0e20 5 bytes JMP 0000000077950200
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777f0e80 5 bytes JMP 0000000077950420
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777f0e90 5 bytes JMP 0000000077950430
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777f0ea0 5 bytes JMP 0000000077950220
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777f0f80 5 bytes JMP 0000000077950280
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000776df1fd 1 byte [62]
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff496e00 5 bytes JMP 000007ff7f4b1dac
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff496f2c 5 bytes JMP 000007ff7f4b0ecc
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff497220 5 bytes JMP 000007ff7f4b1284
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff49739c 5 bytes JMP 000007ff7f4b163c
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff497538 5 bytes JMP 000007ff7f4b19f4
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff4975e8 5 bytes JMP 000007ff7f4b03a4
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff49790c 5 bytes JMP 000007ff7f4b075c
.text C:\Windows\system32\svchost.exe[3288] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff497ab4 5 bytes JMP 000007ff7f4b0b14
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777c2c90 5 bytes JMP 000000010034075c
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777d4420 5 bytes JMP 00000001003403a4
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000077950470
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000077950460
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777ef830 5 bytes JMP 0000000100340b14
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777ef890 5 bytes JMP 0000000100340ecc
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000077950370
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000077950480
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 5 bytes JMP 000000010034163c
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000077950320
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000000779503b0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000077950390
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000000779502e0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000077950440
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000000779502d0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000077950310
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000000779503c0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777efbb0 5 bytes JMP 0000000100341284
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000000779503f0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000077950230
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000077950490
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0x160590}
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000000779503a0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000000779502f0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000077950350
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000077950290
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000000779502b0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000000779503d0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000077950330
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000077950410
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000077950240
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000000779501e0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000077950250
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000000779504a0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000000779504b0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000077950300
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000077950360
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000000779502a0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000000779502c0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000077950380
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000077950340
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000077950450
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0x15fa90}
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000077950260
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777f0bd0 5 bytes JMP 0000000077950270
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777f0be0 5 bytes JMP 00000001003419f4
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777f0da0 5 bytes JMP 00000000779501f0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777f0db0 5 bytes JMP 0000000077950210
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777f0e20 5 bytes JMP 0000000077950200
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777f0e80 5 bytes JMP 0000000077950420
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777f0e90 5 bytes JMP 0000000077950430
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777f0ea0 5 bytes JMP 0000000077950220
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777f0f80 5 bytes JMP 0000000077950280
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777c2c90 5 bytes JMP 00000001003c075c
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777d4420 5 bytes JMP 00000001003c03a4
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000077950470
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000077950460
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777ef830 5 bytes JMP 00000001003c0b14
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777ef890 5 bytes JMP 00000001003c0ecc
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000077950370
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000077950480
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 5 bytes JMP 00000001003c163c
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000077950320
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000000779503b0
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000077950390
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000000779502e0
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000077950440
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000000779502d0
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000077950310
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000000779503c0
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777efbb0 5 bytes JMP 00000001003c1284
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000000779503f0
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000077950230
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000077950490
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0x160590}
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000000779503a0
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000000779502f0
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000077950350
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000077950290
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000000779502b0
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000000779503d0
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000077950330
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000077950410
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000077950240
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000000779501e0
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000077950250
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000000779504a0
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000000779504b0
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000077950300
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000077950360
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000000779502a0
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000000779502c0
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000077950380
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000077950340
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000077950450
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0x15fa90}
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000077950260
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777f0bd0 5 bytes JMP 0000000077950270
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777f0be0 5 bytes JMP 00000001003c19f4
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777f0da0 5 bytes JMP 00000000779501f0
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777f0db0 5 bytes JMP 0000000077950210
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777f0e20 5 bytes JMP 0000000077950200
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777f0e80 5 bytes JMP 0000000077950420
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777f0e90 5 bytes JMP 0000000077950430
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777f0ea0 5 bytes JMP 0000000077950220
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777f0f80 5 bytes JMP 0000000077950280
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000776df1fd 1 byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff496e00 5 bytes JMP 000007ff7f4b1dac
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff496f2c 5 bytes JMP 000007ff7f4b0ecc
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff497220 5 bytes JMP 000007ff7f4b1284
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff49739c 5 bytes JMP 000007ff7f4b163c
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff497538 5 bytes JMP 000007ff7f4b19f4
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff4975e8 5 bytes JMP 000007ff7f4b03a4
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff49790c 5 bytes JMP 000007ff7f4b075c
.text C:\Windows\system32\wbem\wmiprvse.exe[3856] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff497ab4 5 bytes JMP 000007ff7f4b0b14
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777c2c90 5 bytes JMP 000000010022075c
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777d4420 5 bytes JMP 00000001002203a4
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000077950470
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000077950460
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777ef830 5 bytes JMP 0000000100220b14
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777ef890 5 bytes JMP 0000000100220ecc
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000077950370
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000077950480
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 5 bytes JMP 000000010022163c
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000077950320
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000000779503b0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000077950390
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000000779502e0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000077950440
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000000779502d0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000077950310
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000000779503c0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777efbb0 5 bytes JMP 0000000100221284
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000000779503f0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000077950230
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000077950490
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0x160590}
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000000779503a0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000000779502f0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000077950350
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000077950290
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000000779502b0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000000779503d0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000077950330
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000077950410
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000077950240
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000000779501e0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000077950250
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000000779504a0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000000779504b0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000077950300
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000077950360
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000000779502a0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000000779502c0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000077950380
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000077950340
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000077950450
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0x15fa90}
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000077950260
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777f0bd0 5 bytes JMP 0000000077950270
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777f0be0 5 bytes JMP 00000001002219f4
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777f0da0 5 bytes JMP 00000000779501f0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777f0db0 5 bytes JMP 0000000077950210
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777f0e20 5 bytes JMP 0000000077950200
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777f0e80 5 bytes JMP 0000000077950420
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777f0e90 5 bytes JMP 0000000077950430
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777f0ea0 5 bytes JMP 0000000077950220
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777f0f80 5 bytes JMP 0000000077950280
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777c2c90 5 bytes JMP 000000010017075c
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777d4420 5 bytes JMP 00000001001703a4
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000077950470
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000077950460
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777ef830 5 bytes JMP 0000000100170b14
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777ef890 5 bytes JMP 0000000100170ecc
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000077950370
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000077950480
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 5 bytes JMP 000000010017163c
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000077950320
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000000779503b0
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000077950390
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000000779502e0
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000077950440
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000000779502d0
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000077950310
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000000779503c0
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777efbb0 5 bytes JMP 0000000100171284
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000000779503f0
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000077950230
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777eff00 1 byte JMP 0000000077950490
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00000000777eff02 3 bytes {JMP 0x160590}
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777eff30 5 bytes JMP 00000000779503a0
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777f0010 5 bytes JMP 00000000779502f0
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777f0020 5 bytes JMP 0000000077950350
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777f0080 5 bytes JMP 0000000077950290
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777f0110 5 bytes JMP 00000000779502b0
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777f0130 5 bytes JMP 00000000779503d0
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777f0140 5 bytes JMP 0000000077950330
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777f01b0 5 bytes JMP 0000000077950410
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777f01e0 5 bytes JMP 0000000077950240
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777f04a0 5 bytes JMP 00000000779501e0
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777f0560 5 bytes JMP 0000000077950250
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777f0590 5 bytes JMP 00000000779504a0
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777f05a0 5 bytes JMP 00000000779504b0
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777f05d0 5 bytes JMP 0000000077950300
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777f05e0 5 bytes JMP 0000000077950360
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777f0640 5 bytes JMP 00000000779502a0
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777f0690 5 bytes JMP 00000000779502c0
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777f06c0 5 bytes JMP 0000000077950380
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777f06d0 5 bytes JMP 0000000077950340
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777f09c0 1 byte JMP 0000000077950450
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx + 2 00000000777f09c2 3 bytes {JMP 0x15fa90}
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777f0bc0 5 bytes JMP 0000000077950260
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777f0bd0 5 bytes JMP 0000000077950270
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777f0be0 5 bytes JMP 00000001001719f4
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777f0da0 5 bytes JMP 00000000779501f0
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777f0db0 5 bytes JMP 0000000077950210
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777f0e20 5 bytes JMP 0000000077950200
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777f0e80 5 bytes JMP 0000000077950420
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777f0e90 5 bytes JMP 0000000077950430
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777f0ea0 5 bytes JMP 0000000077950220
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777f0f80 5 bytes JMP 0000000077950280
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff496e00 5 bytes JMP 000007ff7f4b1dac
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff496f2c 5 bytes JMP 000007ff7f4b0ecc
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff497220 5 bytes JMP 000007ff7f4b1284
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff49739c 5 bytes JMP 000007ff7f4b163c
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff497538 5 bytes JMP 000007ff7f4b19f4
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff4975e8 5 bytes JMP 000007ff7f4b03a4
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff49790c 5 bytes JMP 000007ff7f4b075c
.text C:\Windows\system32\wbem\wmiprvse.exe[3692] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff497ab4 5 bytes JMP 000007ff7f4b0b14
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3420] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007799fa50 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3420] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007799fae8 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3420] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007799fc40 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3420] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007799ffc8 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3420] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779a18b0 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3420] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000779bc4aa 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3420] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779c1247 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3420] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007568b0c5 1 byte [62]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3420] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000752af0e6 5 bytes JMP 00000001001d01f8
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3420] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000752b3907 5 bytes JMP 00000001001d03fc
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3420] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000752b8364 5 bytes JMP 00000001001d0600
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3420] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000752c06b3 5 bytes JMP 00000001001d0804
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3420] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000752d0efc 5 bytes JMP 00000001001d0a08
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3420] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076335181 5 bytes JMP 00000001001e1014
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3420] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076335254 5 bytes JMP 00000001001e0804
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3420] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000763353d5 5 bytes JMP 00000001001e0a08
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3420] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000763354c2 5 bytes JMP 00000001001e0c0c
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3420] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000763355e2 5 bytes JMP 00000001001e0e10
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3420] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007633567c 5 bytes JMP 00000001001e01f8
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3420] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007633589f 5 bytes JMP 00000001001e03fc
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3420] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076335a22 5 bytes JMP 00000001001e0600
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777c2c90 5 bytes JMP 000000010055075c
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000777d4420 5 bytes JMP 00000001005503a4
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777ef760 5 bytes JMP 0000000077950470
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777ef7b0 5 bytes JMP 0000000077950460
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777ef830 5 bytes JMP 0000000100550b14
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777ef890 5 bytes JMP 0000000100550ecc
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777ef910 5 bytes JMP 0000000077950370
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777ef960 5 bytes JMP 0000000077950480
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777ef970 5 bytes JMP 000000010055163c
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777efa20 5 bytes JMP 0000000077950320
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777efa50 5 bytes JMP 00000000779503b0
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777efa70 5 bytes JMP 0000000077950390
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777efab0 5 bytes JMP 00000000779502e0
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777efb00 5 bytes JMP 0000000077950440
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777efb30 5 bytes JMP 00000000779502d0
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777efb50 5 bytes JMP 0000000077950310
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777efb90 5 bytes JMP 00000000779503c0
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000777efbb0 5 bytes JMP 0000000100551284
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777efbe0 5 bytes JMP 00000000779503f0
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777efd40 5 bytes JMP 0000000077950230
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 33
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 683331
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\Alwil Software\Avast5
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\Alwil Software\Avast5
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\Alwil Software\Avast5
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\Alwil Software\Avast5
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 9
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Instaluje i zarz?dza us?ugami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantann? oraz harmonogram zada?.
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4D 0x24 0x3E 0x71 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3E 0x36 0xDD 0x21 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x51 0x98 0xC5 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xBC 0x7C 0x3E 0x21 ...
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 33
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 683331
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\Alwil Software\Avast5
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\Alwil Software\Avast5
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\Alwil Software\Avast5
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\Alwil Software\Avast5
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 9
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 3
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Instaluje i zarz?dza us?ugami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantann? oraz harmonogram zada?.
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4D 0x24 0x3E 0x71 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3E 0x36 0xDD 0x21 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x51 0x98 0xC5 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xBC 0x7C 0x3E 0x21 ...
---- EOF - GMER 2.1 ----
P.S. I just remembered that I recently printed something at a different print shop than usual, and I think I brought back some virus on my pen drive that made a shortcut on the pen drive to itself (I open the pen drive and there is a shortcut to the pen drive). I formatted it long ago, but maybe something got onto the computer.
I'm hoping that some good person will finally turn up who can deal with my problem. Thanks in advance.